Task client machines are unable to communicate with Notification Sever (SMP) but are able to communicate to site servers. The atrshost.exe on the Notification Server also fails to bind on 50121 and 50124 but 50120, 50122, and 50123 all bind correctly.
NS logs:
"No connection could be made because the target machine actively refused it 127.0.0.1:50121"
"Credential check for "<Your Application Identity Account>" failed: System.Net.WebException: The remote server returned an error: (401) Unauthorized."
Windows System Logs:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 8/8/2011 12:12:50 PM
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: <FQDN>
Description:
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: <NSACCTNAME>
Account Domain:
Failure Information:
Failure Reason: An Error occurred during Logon.
Status: 0xc000006d
Sub Status: 0x0
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: <NSHOSTNAME>
Source Network Address: <NSHOSTIPADDR>
Source Port: 17992
Detailed Authentication Information:
Logon Process:
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
ITMS 8x
The atrshost service attempts to authenticate to the local machine multiple times using the server alias. Microsoft by design put in security measures to prevent programs from doing this, to prevent reflection attacks.
1: Open up the registry editor by typing regedit under Run.
2: Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
3: Right-click MSV1_0 and click New and choose to make it a Multi-String Value.
4: Enter BackConnectionHostNames as name for the entry, and double-click it to modify it.
5: Type the hostnames you need to use (usually the value specified NSPrefferedhost).
6: Restart IISAdmin Service ("Start" -> "Administrative Tools" -> "Services")
Solution 2 (Not recommended, but may be easier to test with):
1: Open up the registry editor by typing regedit under Run.
2: Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3: Right-click Lsa and click New and choose to make it a DWORD Value.
4: Enter DisableLoopbackCheck as name for the entry, and double-click it to modify it.
5: Set the value to 1 and click OK