tags:

views:

1301

answers:

2
Q: 

Connection refused - nettcp WCF Service from work - client connecting over VPN

Here's the scenario: A client machine has connected to the 'Work network' via VPN (Cisco VPN Client). The work network hosts a machine that has a WCF service with nettcp binding. The client tries to connect to this service and gets an exception as follows:

Could not connect to net.tcp://workMachine:2010/SomeService. The connection attempt lasted for a time span of 00:00:01.3180754. TCP error code 10061: No connection could be made because the target machine actively refused it workMachine:2010.

Things I tried:

  1. Changed the Workgroup of the client machine to the work network workgroup
  2. Added domain/username/password for the Windows Networking Password vault, so that it can be used to connect
  3. Changed the wcf service path with an IP address instead of the workMachine name
  4. Checked client machine firewalls and added to allow the wcf client through it

All above failed and didn't work. Has anyone encountered similar issues?

The client machine is on Windows 7

SecurityMode of the WCF service is set to NONE - so that shouldn't be an issue.

Any insights will be helpful

A: 

Could you - just for testing purposes - expose the same service on the same machine using a HTTP endpoint, and try to connect to that one from your VPN client?

NetTcp is an excellent choice behind the corporate firewall - just don't know how the Cisco VPN client might cause troubles here, that might not show up when using an http-based protocol. Just a wild guess for now, but if you have nothing else to go on, give it a try!

Marc

marc_s  2009-08-07 22:20:24
http endpoint works, no issues
Vin  2009-08-07 23:29:38
OK, it must be a problem with the NetTCP Binding - not sure if that'll work across a VPN connection, really. I'm not much of an expert in VPN and networking, so I doubt I'll be able to help much more here......
marc_s  2009-08-08 08:04:13
Thanks marc, Does anyone else know?
Vin  2009-08-08 17:15:55
The only thing I can think of is that the Cisco VPN client has some kind of rules built-in that would define what kind of connections are allowed, and which are not (something like a built-in firewall). Maybe there's something in the Cisco VPN client that allows you to specify to allow TCP/IP direct connections to the port you're connecting to.
marc_s  2009-08-09 11:14:25
A: 

You may need to supply client credentials explicitly through your proxy object.

Assume that the proxy object in the code below implements one of the ClientBase interfaces.

proxy.ClientCredentials.Windows.ClientCredential.UserName = "clientaccount";
proxy.ClientCredentials.Windows.ClientCredential.Password = "S3cr3t1337Pwd";
d91-jal  2009-10-08 09:39:36

related questions

How to build a tunnel for file transfer between distant windows 2003 machines quickly
Does Wippien use a direct connection?
Webbased or Thick-client through VPN?
Check if access to a remote machine uses Wireless LAN
Capturing VPN usage statistics
Cisco VPN Client Version 4.8
Programatially determine if Cisco VPN Client is connected
TFS over VPN connection - is there a way to save the userid/password on client?
Duplicate ip in vpn tunnel both sites
MSDTC communication fails over VPN
Virtual guest not bridging to the host's VPN connection in VMware Server
How can I programmatically create a Windows VPN connection?
Can the built in VPN client "Connect to Workplace" in Vista home connect to a Cisco router?
Can I do SQL Server 2005 merge replication through an SSH tunnel?
Can't find windows share despite having connected VPN
Windows VPN connection ports.
Windows Server 2008 SSTP VPN in a Non-Domain Environment?
Copying databases to remote locations
How to access a PCMCIA modem's serial number?
DHCP overwrites Cisco VPN resolv.conf on Linux
Using VM to get around VPN restrictions
Easiest way to provide VPN access easily for all client OSes?
.NET Remoting Speed and VPNs
Using Xming X Window Server over a VPN
OpenVPN Config file to prevent timeout