Monday, January 25, 2010

System Time and WCF service

It was one of the strange errors and I debugged it for hours. The error started occurring all of a sudden and did not have much detail. The same services were working on the other server. We were using wshttp binding and the server was hosted on IIS 7. I started thinking if this is something to check in IIS 7 since this is the only server we were using IIS latest version. Here is the error description

System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: An error occurred when verifying security for the message.

After some research found that it happens when the server time is not sync with the client system. When I checked the server, it was 20 sec delayed time than other servers on the same domain. I was not sure if someone changed it purposefully or how it got changed. All I did was change the time to sync with other servers. Then the service started working.

Updated 1/29:

Above were all my assumptions when I got this error first time, and since it fixed the problem, I was kind of in impression that the server time change was the issue. But it happened again, so its not only the server time. I reviewed it some more and found that this happens only when the client and server time is not in sync. The same application which is using the services on the same domain was working fine but when it was accessing from outside domain it had a problem. The client which was accessing the service was in IST time zone and the services hosted on one US server which was on EST time zone. When I observed the time difference, the client system was almost 7 minutes ahead than the EST. I went and just reset the client time to sync with server that is change to 7 minutes less. The application started working. But this is still kind of temporary solution or a work around. The WCF allows only 5 min time difference.

As a permanent fix, we can use a custom binding with
• LocalClientSettings.MaxClockSkew
• LocalServiceSettings.MaxClockSykew

But I haven’t tried using that yet. But would want to try and incorporate with application instead of dealing with these time changes because if the application is used by many different networks, it gets very difficult to track.

1 comment:

  1. Awsome blog. I'll remember this. This really helps :). Keep up the good work Subbu. After all Sharing is caring..