2

I have hosted WCF service on IIS 6 using a custom AppPool. This AppPool is configured to run under a user who is in IIS_WPG group.

I can access the service from a remote location and can see the wsdl as well, but when I try to access the same service through "WCF Test Client", I got following error

enter image description here

Update: When I run the same service by changing AppPool's identity to "Network Service" group, then service is accessible through test client. So service metadata isn't accessible only when service runs under identity other than "Network Service" (which is default identity for user)

Nexus23
  • 6,195
  • 9
  • 50
  • 67
  • Check the answer to this question: http://stackoverflow.com/questions/5199541/failed-to-add-a-service-service-metadata-may-not-be-accessible-make-sure-your It seems that your service is missing it's metadata (mex) endpoint. – Coral Doe Aug 28 '12 at 10:55
  • Coral, mex endpoint was never defined in service config. The problem is slightly different, its happening only when service runs under a custom user identity and not "Network Service". – Nexus23 Aug 30 '12 at 17:03
  • The custom user identity has rights on all files needed for the service to run? Including files from wwwroot and certificates (if you have added security)? – Coral Doe Aug 31 '12 at 06:58

2 Answers2

1

I have experienced this problem in the past and the solution was to authenticate using a service account between client and the server hosting the service.

0

I have the same issue as described above.. Here are the things I've done while finding solution to this issue.

I will start will my deployment process of WCF to IIS6.

  1. Create a folder into the server and copy the WCF package.
  2. Create an AppPool for your WCF.
  3. Right click the newly created AppPool, select Properties, then go to Identity tab. Select "configurable" then enter your service account credential instead of NETWORK SERVICE.
  4. I didn't created a new web site. For my case, I created a virtual directory under the Default Web Site and point it to the WCF folder that I've copied.

  5. Once the virtual directory is created, right-click on it then select Properties. Below are the settings for each tabs

    Virtual Directory Tab

    • Click Create button to create application name.
    • Select "Scripts Only" in execute permission.
    • Select the AppPool that you have created.
    • Click Apply button to save changes.

    Document Tab

    • Add new content - the name of your WCF .svc file.
    • Click Apply button to save changes.

    Directory Security Tab

    • Click Edit button in Authentication and access control.
    • Change the user name and password with your service account credential.
    • Click OK (enter the password again if reconfirmation is needed).
    • Click Apply button to save changes.

    ASP.Net Tab

    • Select 4.0.30319 version (if .net framework 4.0 is required)
    • Click Apply button to save changes.

  6. Now, go to Computer Management > System Tools > Local Users and Groups > Groups

  7. Open the IIS_WPG group and add your service account.

  8. Then go to Start > Administrative Tools > Local Security Policy

  9. Expand Security Settings > Local Policies > User Rights Assignment. Search for Log on as service then add your service account there.

  10. Lastly, Go to C:\WINDOWS\Temp folder. Right click on it then select Properties. Click Security tab then add your service account.

  11. To set a special permission, click Advance button.

  12. Select your service account then click Edit button. In the list of permissions, tick or check only the "List Folder/Read Data" and "Delete" permissions. Click OK and Apply button to apply changes. If message box prompted you, click Yes to apply in sub folders.

  13. Now, the final moment. Make sure the app pool is running. Test the WCF in browser and then in WCF Test client.

    1. In my case it's working, perfectly :)

Hope this will help you...

amazingCode
  • 1