VseWss - The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'

Question

I am trying to Deploy/Package a Visual Studio Project based on Visual Studio Extensions for Windows Sharepoint Services 1.3 (March 2009 CTP) but getting the following error!

The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'

I am able to access http://127.0.0.1:1378/SpService.svc through browser; VseWss service is running under Sharepoint Central Administration v3 application pool whose identity is Network Service. Sharepoint Services is installed with default settings. Network Service is member of local Administrators group.

The machine is Windows 2003 Standard Editon SP2 and is part of domain and I am logged on with a domain user; my user is member of machine' local Administrators group and I installed Sharepoint Service with this login which made me member of almost all required Sharepoint Security Groups (Farm Administrator; Site Collection Administrator etc)

I have tried stackoverflow and http://social.msdn.microsoft.com/Forums/en-US/sharepointdevelopment forum and have tried almost everything suggested in different posts on these two; but none of it has worked so far!

VSeWSS1.3.log has the following entries

2010/02/12 16:49:01 Error Error: System.ServiceModel.Security.MessageSecurityException System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized. at System.Net.HttpWebRequest.GetResponse() at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout) --- End of inner exception stack trace ---

Server stack trace: at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory factory) at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory factory, WebException responseException) at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout) at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at Microsoft.SharePoint.Tools.SPServiceReference.ISPService.GetWeb(String url) at Microsoft.SharePoint.Tools.SharePointSolutions.SolutionDeployer.ValidateProjectDeployURL() at Microsoft.SharePoint.Tools.SharePointSolutions.SolutionDeployer.Deploy()

Answer 1

You also might try using the computer's actual hostname instead of the loopback address (127.0.0.1). If you use localhost or the loopback address, you probably won't be able to login using Kerberos, which would cause certain types of delegation scenarios to fail.

What may be happening is that your browser may be "falling back" silently to using NTLM, and other programs, such as VS's deployment don't behave that way -- they often only use Kerberos. So try using the hostname instead of loopback. If that doesn't work, you probably have an issue with Kerberos on your machine. If you are feeling really hard-core, you can read up on Kerberos and download a copy of WireShark and then look for the "KRB5" class error messages to see exactly what is failing, but this is a pretty large time investment.

Answer 2

Thanks Dave for the details and trying to nail the problem down....In WireShark I am getting the following

• Pvno: 5
• MSG Type: KRB-ERROR (30)
• stime: 2010-02-12 12:24:43 (UTC)
• susec: 881956
• error_code: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
• Realm: MyDomain
• Server Name (Service and Instance): host/127.0.0.1
  • Name-type: Service and Instance (2)
  • Name: host
  • Name: 127.0.0.1

Answer 3

I have a fellow developer who has similar setup and his Visual Studio is packaging / deploying fine; we both have local Sharepoint Service installed where we are developing our modules independently! I am the second to setup the dev environment. Is this because KDC has issued him the host/127.0.0.1 ticket and to me its rejecting? With this in mind; I searched Windows registry for http://127.0.0.1:1378/SpService.svc and have replaced it to http://MyMachine:1378/SpService.svc (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\VSeWSSServiceURL). In IIS > VseWss web site; have changed site ip from 127.0.0.1 to All Unassigned. http://MyMachine:1378/SpService.svc is opening fine in browser (IE and Chrome); but as this service is not exposing the meta data so couldnt check it through WCFTestClient.

After IISRESET and restarting Visual Studio; I am now getting "The HTTP request was forbidden with client authentication scheme 'Negotiate'; however there is no KDC error now atleast...

VseWSS1.3.log has the following entry

2010/02/12 18:10:15    Error
Error: System.ServiceModel.Security.MessageSecurityException
System.ServiceModel.Security.MessageSecurityException: The HTTP request was forbidden with client authentication scheme 'Negotiate'. ---> System.Net.WebException: The remote server returned an error: (403) Forbidden.
   at System.Net.HttpWebRequest.GetResponse()
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   --- End of inner exception stack trace ---
Server stack trace: 
   at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory factory)
   at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory factory, WebException responseException)
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.SharePoint.Tools.SPServiceReference.ISPService.GetWeb(String url)
   at Microsoft.SharePoint.Tools.SharePointSolutions.SolutionDeployer.ValidateProjectDeployURL()
   at Microsoft.SharePoint.Tools.SharePointSolutions.SolutionDeployer.Deploy()

Answer 4

I removed the machine from domain; uninstalled VSeWSS, Sharepoint and IIS. Reinstalled the IIS after removing the machine from domain. After installing Sharepoint and VSeWSS; things started working fine!