WMI.NET到MicrosoftBizTalkServer-用户匿名登录失败 [英] WMI.NET to MicrosoftBizTalkServer - Login failed for user ANONYMOUS LOGIN
问题描述
通过WMI.NET连接到Biztalk Server 2010时,我能够成功细读任何数量的类类型,但没有一个Biztalk类.每个人都会抛出以下异常文字:
When connecting to Biztalk Server 2010 via WMI.NET, I am able to successfully peruse any number of class types, but none of the Biztalk classes. Each of those throw the following exception verbiage:
BizTalk Server cannot access SQL server. This could be due to one of the following reasons:
1. Access permissions have been denied to the current user. Either log on as a user that has been granted permissions to SQL and try again, or grant the current user permission to access SQL Server.
2. The SQL Server does not exist or an invalid database name has been specified. Check the name entered for the SQL Server and database to make sure they are correct as provided during SQL Server installation.
3. The SQL Server exists, but is not currently running. Use the Windows Service Control Manager or SQL Enterprise Manager to start SQL Server, and try again.
4. A SQL database file with the same name as the specified database already exists in the Microsoft SQL Server data folder.
Internal error from OLEDB provider: "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'."
测试代码(无安全信息):
The test code (without security info):
ConnectionOptions options;
options = new ConnectionOptions();
options.Username = @"myusername";
options.Password = @"mypassword";
options.Authority = @"ntlmdomain:mydomain";
ManagementScope scope;
scope = new ManagementScope(@"\\BIZSERVERNAME\root\MicrosoftBizTalkServer", options);
scope.Connect();
ObjectQuery query = new ObjectQuery("SELECT * FROM MSBTS_Setting");
ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope,query);
var i = 0;
foreach (ManagementObject key in searcher.Get())
{
listBox1.Items.Add(key.ToString());
i++;
if (i > 100) break;
}
将MSBTS_Setting更改为任何Biztalk类,并获得相同的异常. 将其更改为非biztalk类,可以顺利进行.例如:CIM_Setting.
Change MSBTS_Setting to any Biztalk class and get the same exception. Change it to a non-biztalk class and it walks it just fine. Ex: CIM_Setting.
推荐答案
您正在遇到所谓的双跳"问题. (这实际上不是WMI/BT的特定问题,这也是使用Windows身份验证的IIS和Sql Server的常见问题)
You're running into what's called a "Double Hop" issue. (this is actually not a WMI/BT specific issue, it's also a common issue with IIS and Sql Server using windows authentication)
基本上在使用"BizTalk-WMI"时会发生这种情况(假设客户端,BT-Server和BT-Management-DB位于同一域中,但在不同的计算机上):
When using 'BizTalk-WMI' basicly this is happening (assuming Client, BT-Server and BT-Management-DB are in the same domain but on different machines):
客户端凭据发送到BT服务器/WMI提供程序. BT-Server应该将凭据传输到Sql-Server,但是kerberos不允许这样做(默认情况下).
Client credentials are sent to the BT-server/WMI provider. The BT-Server in its turn should transmit the credentials to the Sql-Server, but this isn't allowed (by default) by kerberos.
另请参阅此technet文章:
Also see this technet articles:
- Why does my remote operation fail when it involves a third machine?
- Understanding Kerberos Double Hop
基本上,您有3个使用"BT-WMI"的选项:
Basicly you have 3 options for using 'BT-WMI':
- 使用WMI在BT主机上运行代码,这仅需单跳到sql-server.或通过BT主机上托管的Web服务公开必要的功能.
- 使用 Microsoft .BizTalk.ExplorerOM 组件
- 为帐户和BT主机启用授权(在Active Directory中):
- Run your code with WMI on the BT-host(s), this will only require a single hop to the sql-server. Or expose the necessary functions through a web-service hosted on the BT-host(s).
- use the Microsoft.BizTalk.ExplorerOM component
- enable delegation (in Active Directory) for both the Account and BT-host(s): Allow a computer to be trusted for delegation for specific services
这篇关于WMI.NET到MicrosoftBizTalkServer-用户匿名登录失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
