1. 首頁
  2. 問答
  3. 對SSPI的調用失敗,請參閱內部異常 - 無法聯繫本地安全機構

對SSPI的調用失敗,請參閱內部異常 - 無法聯繫本地安全機構

2016-06-20 44 views
9

我有一個WPF應用程序,它使用SSLStream連接到服務器併發送/接收一些消息。我的代碼更大程度上基於此示例(SslTcpClient):https://msdn.microsoft.com/en-us/library/system.net.security.sslstream(v=vs.110).aspx對SSPI的調用失敗,請參閱內部異常 - 無法聯繫本地安全機構

這工作好幾個月。但是,獲得此Windows更新後(Windows 10 1511版和Windows Server 2016技術預覽版4的累積更新:2016年6月14日 - https://support.microsoft.com/en-us/kb/3163018)。我的應用開始報告此異常:

System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The Local Security Authority cannot be contacted 
    --- End of inner exception stack trace --- 
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception) 
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) 
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) 
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) 
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) 
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) 
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) 
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) 
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) 
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) 
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation) 
at MyAPP.Core.Services.Network.Impl.SslTcpClient.ClientSideHandshake() 
at MyAPP.Core.Services.Network.Impl.SslTcpClient.Connect() 
at MyAPP.Core.Services.Impl.MessageService.SendMessage(String message)

我該怎麼辦?

來源

2016-06-20 MilanM

+1

在Windows 10計算機上進行此更新後,我們遇到了同樣的問題。我們使用MySQL .NET Connector通過SSL連接到遠程MySQL數據庫。 –

回答

8

這裏是溶液,在註冊表中設置:

[HKEY_LOCAL_MACHINE \ SYSTEM \ CURRENTCONTROLSET \控制\ SecurityProviders \ SCHANNEL \ KeyExchangeAlgorithms \的Diffie-Hellman] 「ClientMinKeyBitLength」= DWORD:00000200

如指出here

來源

2016-06-21 16:50:33 MilanM

+0

[此鏈接](https://support.microsoft.com/en-us/help/3061518/ms15-055-vulnerability-in-schannel-could-allow-information-disclosure-may-12,-2015)是提到MS技術討論爲什麼DH 512支持被刪除。 –

4

這意味着其他方面使用tls的另一個版本,你是一個較舊的版本。 建立連接之前,將安全屬性設置爲Tls12。 這是衆所周知的問題,許多供應商開始使用Tls12貝寶,亞馬遜等。

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

來源

2017-04-05 18:16:28

相關問題

 相關問題