c# windows wcf windows-server-2016

WCF self-hosted: http request forbidden for authentication scheme anonymous


Situation:

We installed a self-hosted WCF Service on a new Windows Server 2016 Machine (machine X). This service makes a call to a Tibco BW webservice on a different Windows Server 2016 machine (machine Y).

When the WCF service is run with user A (part of built-in Administrators) all requests are processed successfully. When the service is run as user B (service user) we receive the following message: "http request forbidden for authentication scheme anonymous"

Both services run under basicHttpBinding.

We were able to do the same installation on a different Windows Server 2016 environment with different users successfully.

Steps taken so far:

  1. We compared the packages that are sent when the service is run with user A and with user B and found out that when the service is run with user B no package will reach machine Y.
  2. We disabled the Windows Firewall on both machines but this did not change the behaviour.
  3. We compared the rights and policies of user A and B via gpresult but could not see any difference regarding network access or http related policies.

Our Speculation

We suspect that User B is missing some kind of privilege to make http requests like User A is able to do.

Questions

  • Is there a group policy that governs this kind of behaviour?
  • What settings could prevent a User from sending these requests?
  • Why do we get this error message despite not using any security settings?

Thank you


Solution

  • We did a Wireshark analysis and found out that there was still a policy in place that required the service account to redirect all traffic over a proxy server. This proxy most likely had no idea how to handle WCF traffic and all requests resulted in the error message we observed.

    Once we altered the policy to prevent the service user from using the proxy, the requests went through as expected and as observed with the other administrator users.
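
A way to confirm this kind of per-account proxy difference without a packet capture, as an added example that is not part of the original post: run the program below once as each account and compare the route it reports. It assumes .NET Framework with a reference to System.ServiceModel; the endpoint URL is a placeholder, and the `ProxyCheck`, `DescribeRoute` and `DirectBinding` names are hypothetical.

```csharp
using System;
using System.Net;
using System.Security.Principal;
using System.ServiceModel;

static class ProxyCheck
{
    // Reports how the account running this process would route a call to the
    // endpoint, based on the default proxy .NET resolves for that account.
    static string DescribeRoute(Uri endpoint)
    {
        IWebProxy proxy = WebRequest.DefaultWebProxy;
        if (proxy == null || proxy.IsBypassed(endpoint))
            return "direct";

        Uri via = proxy.GetProxy(endpoint);
        // GetProxy returns the destination itself when no proxy applies.
        return (via == null || via == endpoint) ? "direct" : "via proxy " + via;
    }

    // basicHttpBinding that does not consult the account's default proxy.
    // This is a client-side alternative to changing the policy, which is
    // what the post actually did.
    static BasicHttpBinding DirectBinding()
    {
        return new BasicHttpBinding
        {
            UseDefaultWebProxy = false,
            BypassProxyOnLocal = true
        };
    }

    static void Main(string[] args)
    {
        // Placeholder address; pass the real service URL as the first argument.
        var endpoint = new Uri(args.Length > 0
            ? args[0]
            : "http://machine-y.example:8080/service");

        Console.WriteLine("Account : " + WindowsIdentity.GetCurrent().Name);
        Console.WriteLine("Endpoint: " + endpoint);
        Console.WriteLine("Route   : " + DescribeRoute(endpoint));

        BasicHttpBinding binding = DirectBinding();
        Console.WriteLine("Binding UseDefaultWebProxy = " + binding.UseDefaultWebProxy);
    }
}
```

If the service account reports "via proxy ..." while the administrator account reports "direct", the accounts are picking up different proxy settings, which matches the behaviour described in the solution.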