
WCF call fails when user is not in domain admin group


I have an application running on a server (Windows Server 2012) that makes a WCF call to another application running on a computer (Windows 10).

The WCF call fails every time the user running the application is NOT a member of Domain Admins, with this error:

    (Inner Exception #0) System.ServiceModel.Security.SecurityNegotiationException: The server has rejected the client credentials.
     ---> System.Security.Authentication.InvalidCredentialException: The server has rejected the client credentials.
     ---> System.ComponentModel.Win32Exception: The logon attempt failed
       --- End of inner exception stack trace ---
       at System.Net.Security.NegoState.ProcessReceivedBlob(Byte[] message, LazyAsyncResult lazyResult)
       at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResult lazyResult)
       at System.Net.Security.NegoState.ProcessAuthentication(LazyAsyncResult lazyResult)
       at System.Net.Security.NegotiateStream.AuthenticateAsClient(NetworkCredential credential, String targetName, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel allowedImpersonationLevel)
       at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeInitiator.OnInitiateUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)

When I add the user in the domain admins group, everything works perfectly.

Am I missing something? Is there a security rule somewhere I'm not aware of?

Thanks in advance for your expertise.


Solution

  • I found where the problem was. Someone configured a GPO to restrict the number of groups that can access the computer from the network. Only Administrators were allowed to access this computer.

    To solve this problem, I created a group only for the right users and added this group inside the GPO of the computers I needed access to.
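
A way to confirm this kind of restriction on the target computer, as an added example that is not part of the original answer. It assumes the GPO setting described is the user right "Access this computer from the network" (SeNetworkLogonRight); the function name `Get-NetworkLogonRight` and the temporary file name are hypothetical.

```powershell
# Added example. Run in an elevated PowerShell session on the computer that
# hosts the WCF service (the machine rejecting the logon).
# Assumption: the GPO in the answer sets "Access this computer from the network"
# (SeNetworkLogonRight); the deny counterpart is listed as well.

function Get-NetworkLogonRight {
    $cfg = Join-Path $env:TEMP 'user_rights_export.inf'   # hypothetical file name

    # Export only the user-rights section of the effective local security policy.
    secedit.exe /export /areas USER_RIGHTS /cfg $cfg | Out-Null
    try {
        # secedit writes the export as UTF-16 ("Unicode").
        $lines = Get-Content -Path $cfg -Encoding Unicode

        foreach ($right in 'SeNetworkLogonRight', 'SeDenyNetworkLogonRight') {
            $line = $lines | Where-Object { $_ -match "^$right\s*=" } | Select-Object -First 1
            if (-not $line) { continue }   # right not assigned to anyone

            $entries = ($line -split '=', 2)[1].Split(',') |
                ForEach-Object { $_.Trim() } | Where-Object { $_ }

            foreach ($entry in $entries) {
                # Entries are either "*S-1-5-..." SIDs or plain account names.
                $name = $entry
                if ($entry.StartsWith('*')) {
                    $sid = $entry.TrimStart('*')
                    try {
                        $name = [System.Security.Principal.SecurityIdentifier]::new($sid).
                            Translate([System.Security.Principal.NTAccount]).Value
                    } catch {
                        $name = $sid   # unresolvable SID: keep the raw value
                    }
                }
                [pscustomobject]@{ Right = $right; Principal = $name }
            }
        }
    } finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

Get-NetworkLogonRight | Format-Table -AutoSize
```

If the calling account is not covered by any principal listed for SeNetworkLogonRight (or is covered by one under SeDenyNetworkLogonRight), network logons such as the WCF Windows authentication above are refused. With logon auditing enabled, the target's Security log records these as event 4625 with status 0xC000015B.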