.NET Remoting and ISA Server

[Donald Xie]

Hi,

I'm working on a project using .NET remoting (Framework
1.1 and Visual Studio 2003). The simplified scenario is
as follows:

1. The server is exposed as
http://MyServer:8088/MyRemotingServer.soap on a Windows
Server 2003 Standard;

2. The client connects to the server using
Activator.GetObject(), all clients run on Windows
2000/XP/2003.

This works well in our development environment on a LAN.
Now we need to let clients to connect to the server
through Internet, so clients can connect through a URL
such as http://www.MyCompany.Com/MyRemotingServer.soap.

Our LAN is protected by an ISA Server, and web servers
are on different machines to the ISA Server. What we have
done on ISA are:

1. Create a Destination Set with Name/IP Range
www.MyCompany.com and Path MyRemotingService.soap;

2. Create an Action with

2a. Redirect requests to internal web server (we specify
the internal IP address for the web server since it's
currently configured as a standalone server, i.e., it
doesn't belong to the main domain - not sure whether this
has anything to do with the problem);

2b. Define ports when Bridging request: 8088.

This configuration does not work as the client fails to
connect to the server. We are able to access some sample
HTML files on this server from outside using a similar
pair of DestinationSet/Action so we know ISA can redirect
requests to this server.

I suspect that we've missed something, but we are
struggling. Can anyone help?

Thanks in advance,

Donald Xie

 

[Donald Xie]

Sorry, I forgot to attach the error message for the
connection problem:

System.Runtime.Remoting.RemotingException: Cannot load
type clr:IMyInterface, MyAssembly.

Server stack trace:
at
System.Runtime.Remoting.Messaging.MethodCall.ResolveMethod
(Boolean bThrowIfNotResolved)
at
System.Runtime.Remoting.Messaging.MethodCall.HeaderHandler
(Header[] h)
at
System.Runtime.Serialization.Formatters.Soap.ObjectReader.
ParseObject(ParseRecord pr)
at
System.Runtime.Serialization.Formatters.Soap.ObjectReader.
Parse(ParseRecord pr)
at
System.Runtime.Serialization.Formatters.Soap.SoapHandler.S
tartChildren()
at
System.Runtime.Serialization.Formatters.Soap.SoapParser.Pa
rseXml()
at
System.Runtime.Serialization.Formatters.Soap.SoapParser.Ru
n()
at
System.Runtime.Serialization.Formatters.Soap.ObjectReader.
Deserialize(HeaderHandler handler, ISerParser serParser)
at
System.Runtime.Serialization.Formatters.Soap.SoapFormatter
..Deserialize(Stream serializationStream, HeaderHandler
handler)
at
System.Runtime.Remoting.Channels.SoapServerFormatterSink.P
rocessMessage(IServerChannelSinkStack sinkStack, IMessage
requestMsg, ITransportHeaders requestHeaders, Stream
requestStream, IMessage& responseMsg, ITransportHeaders&
responseHeaders, Stream& responseStream)

Thanks,
Donald Xie

 

[Yan-Hong Huang[MSFT]]

Hello Donald,

Please refer to http://msdn.microsoft.com/architecture/application/default.aspx?pull=/library/en-
us/dnnetsec/html/SecNetch11.asp#secnetch11_passingcredentialsforauthentication for how to pass credentials for
authentication to remote objects.

BTW, in the future, it would be best to post these questions in the following newsgroup.

Microsoft.public.dotnet.framework.remoting

All .NET remoting issues, configuration and other questions are posted in the newsgroup above.

The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other
partners who the newsgroups regularly can either share their knowledge or learn from your interaction with us. Also, this is to
make sure that the responders can better track the problem Thank you for your understanding.

Thanks again for using Microsoft MSDN Newsgroups.

Best regards,
Yanhong Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
!Content-Class: urn:content-classes:message
!From: "Donald Xie" <[email protected]>
!Sender: "Donald Xie" <[email protected]>
!References: <[email protected]>
!Subject: .NET Remoting and ISA Server - Error Message
!Date: Tue, 19 Aug 2003 21:24:06 -0700
!Lines: 99
!Message-ID: <[email protected]>
!MIME-Version: 1.0
!Content-Type: text/plain;
! charset="iso-8859-1"
!Content-Transfer-Encoding: 7bit
!X-Newsreader: Microsoft CDO for Windows 2000
!Thread-Index: AcNm0uTO+6onlQn9Qj6uqCxOfRtXqA==
!X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
!Newsgroups: microsoft.public.dotnet.framework
!Path: cpmsftngxa06.phx.gbl
!Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework:51668
!NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
!X-Tomcat-NG: microsoft.public.dotnet.framework
!
!Sorry, I forgot to attach the error message for the
!connection problem:
!
!System.Runtime.Remoting.RemotingException: Cannot load
!type clr:IMyInterface, MyAssembly.
!
!Server stack trace:
! at
!System.Runtime.Remoting.Messaging.MethodCall.ResolveMethod
!(Boolean bThrowIfNotResolved)
! at
!System.Runtime.Remoting.Messaging.MethodCall.HeaderHandler
!(Header[] h)
! at
!System.Runtime.Serialization.Formatters.Soap.ObjectReader.
!ParseObject(ParseRecord pr)
! at
!System.Runtime.Serialization.Formatters.Soap.ObjectReader.
!Parse(ParseRecord pr)
! at
!System.Runtime.Serialization.Formatters.Soap.SoapHandler.S
!tartChildren()
! at
!System.Runtime.Serialization.Formatters.Soap.SoapParser.Pa
!rseXml()
! at
!System.Runtime.Serialization.Formatters.Soap.SoapParser.Ru
!n()
! at
!System.Runtime.Serialization.Formatters.Soap.ObjectReader.
!Deserialize(HeaderHandler handler, ISerParser serParser)
! at
!System.Runtime.Serialization.Formatters.Soap.SoapFormatter
!.Deserialize(Stream serializationStream, HeaderHandler
!handler)
! at
!System.Runtime.Remoting.Channels.SoapServerFormatterSink.P
!rocessMessage(IServerChannelSinkStack sinkStack, IMessage
!requestMsg, ITransportHeaders requestHeaders, Stream
!requestStream, IMessage& responseMsg, ITransportHeaders&
!responseHeaders, Stream& responseStream)
!
!Thanks,
!Donald Xie
!
!>-----Original Message-----
!>Hi,
!>
!>I'm working on a project using .NET remoting (Framework
!>1.1 and Visual Studio 2003). The simplified scenario is
!>as follows:
!>
!>1. The server is exposed as
!>http://MyServer:8088/MyRemotingServer.soap on a Windows
!>Server 2003 Standard;
!>
!>2. The client connects to the server using
!>Activator.GetObject(), all clients run on Windows
!>2000/XP/2003.
!>
!>This works well in our development environment on a LAN.
!>Now we need to let clients to connect to the server
!>through Internet, so clients can connect through a URL
!>such as http://www.MyCompany.Com/MyRemotingServer.soap.
!>
!>Our LAN is protected by an ISA Server, and web servers
!>are on different machines to the ISA Server. What we
!have
!>done on ISA are:
!>
!>1. Create a Destination Set with Name/IP Range
!>www.MyCompany.com and Path MyRemotingService.soap;
!>
!>2. Create an Action with
!>
!>2a. Redirect requests to internal web server (we specify
!>the internal IP address for the web server since it's
!>currently configured as a standalone server, i.e., it
!>doesn't belong to the main domain - not sure whether
!this
!>has anything to do with the problem);
!>
!>2b. Define ports when Bridging request: 8088.
!>
!>This configuration does not work as the client fails to
!>connect to the server. We are able to access some sample
!>HTML files on this server from outside using a similar
!>pair of DestinationSet/Action so we know ISA can
!redirect
!>requests to this server.
!>
!>I suspect that we've missed something, but we are
!>struggling. Can anyone help?
!>
!>Thanks in advance,
!>
!>Donald Xie
!>.
!>
!

 

[Donald Xie]

Hi Yanhong,

Thanks for replying. I've read the article but it doesn't
appear to solve our problem. Here is a recap of the
problem with a bit more details, hopefully this makes it
a bit clearer:

1. The Remoting application I'm working on consists of
several subsystems. Conceptually we have a server and a
client.

2. The server is implemented as a Windows Service running
under LocalSystem and exposed as
http://MyServer:8088/MyRemotingServer.soap on a Windows
Server 2003 Standard;

3. The IIS where the remoting server is hosted doesn't
require authentication (it allows anonymous access
because the server will be accessible to the public). In
addition, the server runs as a standalone server, i.e.,
it doesn't belong to the main domain;

4. The client connects to the server using
Activator.GetObject(), all clients run on Windows
2000/XP/2003.

This works well in our development environment on a LAN.
Now we need to let clients to connect to the server
through Internet, so clients can connect through a URL
such as http://www.MyCompany.com/MyRemotingServer.soap.

Our LAN is protected by an ISA Server, and web servers
are on different machines to the ISA Server. What we have
done on ISA are:

1. Create a Destination Set with Name/IP Range
www.MyCompany.com and Path MyRemotingService.soap;

2. Create an Action with

2a. Redirect requests to internal web server (we specify
the internal IP address for the web server);

2b. Define ports when Bridging request: 8088.

This configuration does not work as the client fails to
connect to the server. We are able to access some sample
HTML files on this server from outside using a similar
pair of DestinationSet/Action so we know ISA can redirect
requests to this server.

My theory is that there are some settings we haven't done
right on the ISA server, since the application works in a
LAN. However, this being my first attempt, I have several
questions:

1. Am I correct that this is an ISA issue? If so, have I
set it up correctly? Is there anything I can check?
2. If this is more likely an application configuration
issue, what remoting settings I should check to ensure
that we have done it correctly?

If I can provide more details, please let me know. I
didn't want to make this a huge message for now.

I have indeed posted the same question to the
framework.remoting group, but have not received any
response yet. The reason why I posted it here is that I
thought that posting to a managed group gives me a better
chance of getting responses from your guys at Microsoft.

Thanks again,
Donald Xie

 

[Yan-Hong Huang[MSFT]]

Hello Donald,

Could you test it with a simple remoting app that is hosting in IIS so that
it will use port 80.
http://support.microsoft.com/default.aspx?scid=KB;EN-US;312107

Is the remote object a CAO or SAO? If it is CAO then the server may send
objref to the client and this objref can contain internal IP that external
clients(out side firewall) will not be able to resolve. If that is the case
use machineName as a channel propery in the server config file and specify
the server name that the client can resolve.

I also noticed that you have posted a new thread and Joe answered you. Did
his answer resolve the problem?

Thanks.

Best regards,
Yanhong Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
!Content-Class: urn:content-classes:message
!From: "Donald Xie" <[email protected]>
!Sender: "Donald Xie" <[email protected]>
!References: <[email protected]>
<[email protected]>
<[email protected]>
!Subject: RE: .NET Remoting and ISA Server
!Date: Wed, 20 Aug 2003 23:39:16 -0700
!Lines: 74
!Message-ID: <[email protected]>
!MIME-Version: 1.0
!Content-Type: text/plain;
! charset="iso-8859-1"
!Content-Transfer-Encoding: 7bit
!X-Newsreader: Microsoft CDO for Windows 2000
!X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
!Thread-Index: AcNnrvEmnawHRUlhQx+LiqDSqUkiyQ==
!Newsgroups: microsoft.public.dotnet.framework
!Path: cpmsftngxa06.phx.gbl
!Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework:51779
!NNTP-Posting-Host: TK2MSFTNGXA14 10.40.1.166
!X-Tomcat-NG: microsoft.public.dotnet.framework
!
!Hi Yanhong,
!
!Thanks for replying. I've read the article but it doesn't
!appear to solve our problem. Here is a recap of the
!problem with a bit more details, hopefully this makes it
!a bit clearer:
!
!1. The Remoting application I'm working on consists of
!several subsystems. Conceptually we have a server and a
!client.
!
!2. The server is implemented as a Windows Service running
!under LocalSystem and exposed as
!http://MyServer:8088/MyRemotingServer.soap on a Windows
!Server 2003 Standard;
!
!3. The IIS where the remoting server is hosted doesn't
!require authentication (it allows anonymous access
!because the server will be accessible to the public). In
!addition, the server runs as a standalone server, i.e.,
!it doesn't belong to the main domain;
!
!4. The client connects to the server using
!Activator.GetObject(), all clients run on Windows
!2000/XP/2003.
!
!This works well in our development environment on a LAN.
!Now we need to let clients to connect to the server
!through Internet, so clients can connect through a URL
!such as http://www.MyCompany.com/MyRemotingServer.soap.
!
!Our LAN is protected by an ISA Server, and web servers
!are on different machines to the ISA Server. What we have
!done on ISA are:
!
!1. Create a Destination Set with Name/IP Range
!www.MyCompany.com and Path MyRemotingService.soap;
!
!2. Create an Action with
!
!2a. Redirect requests to internal web server (we specify
!the internal IP address for the web server);
!
!2b. Define ports when Bridging request: 8088.
!
!This configuration does not work as the client fails to
!connect to the server. We are able to access some sample
!HTML files on this server from outside using a similar
!pair of DestinationSet/Action so we know ISA can redirect
!requests to this server.
!
!My theory is that there are some settings we haven't done
!right on the ISA server, since the application works in a
!LAN. However, this being my first attempt, I have several
!questions:
!
!1. Am I correct that this is an ISA issue? If so, have I
!set it up correctly? Is there anything I can check?
!2. If this is more likely an application configuration
!issue, what remoting settings I should check to ensure
!that we have done it correctly?
!
!If I can provide more details, please let me know. I
!didn't want to make this a huge message for now.
!
!I have indeed posted the same question to the
!framework.remoting group, but have not received any
!response yet. The reason why I posted it here is that I
!thought that posting to a managed group gives me a better
!chance of getting responses from your guys at Microsoft.
!
!Thanks again,
!Donald Xie
!
!

 

[Yan-Hong Huang[MSFT]]

Hello Donald,

That is good. It is a good topic on .NET remoting. I will keep an eye on
this thread and look forward to your testing result.

Thanks.

Best regards,
Yanhong Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
!Content-Class: urn:content-classes:message
!From: "Donald Xie" <[email protected]>
!Sender: "Donald Xie" <[email protected]>
!References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
!Subject: RE: .NET Remoting and ISA Server
!Date: Mon, 25 Aug 2003 02:13:44 -0700
!Lines: 186
!Message-ID: <[email protected]>
!MIME-Version: 1.0
!Content-Type: text/plain;
! charset="iso-8859-1"
!Content-Transfer-Encoding: 7bit
!X-Newsreader: Microsoft CDO for Windows 2000
!X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
!Thread-Index: AcNq6S8tyC9QWw8cS2q7MuFu1TulwQ==
!Newsgroups: microsoft.public.dotnet.framework
!Path: cpmsftngxa06.phx.gbl
!Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework:52106
!NNTP-Posting-Host: TK2MSFTNGXA12 10.40.1.164
!X-Tomcat-NG: microsoft.public.dotnet.framework
!
!I've just tried, the client can't access it.
!Interestingly, I was able to query its WSDL definition
!using IE, but not connect through the test client. As
!this is a CAO, I tried adding <channel ref="http"
!machineName="www.MyCompany.com">. but it didn't make any
!difference.
!
!In my real project, the remote object is a Singleton SAO
!instantiated when the Windows Service starts. I did try
!to add the machineName channel attribute, but (obviously
!perhaps) it didn't make any difference.
!
!After spending so many hours on it, I now think that the
!problem actually is at the ISA server. What I didn't
!realize before is that our ISA is setup to authenticate
!(!) all incoming requests, which would stop my remoting
!client from connecting... Unfortunately our network admin
!is having a major problem in his hands, so I will have to
!wait until tomorrow before being able to try anything on
!the ISA server. I'll get back to you once I find out more.
!
!On the subject of my URL question on the other thread,
!Joe's reply seems to confirm that it's possible, but I
!haven't been able to get it work. It was just one of the
!things I was trying out of desperation, so I'll have to
!leave it for now.
!
!Thanks a lot!
!
!Donald Xie
!
!
!
!
!
!
!>-----Original Message-----
!>Hello Donald,
!>
!>Could you test it with a simple remoting app that is
!hosting in IIS so that
!>it will use port 80.
!>http://support.microsoft.com/default.aspx?scid=KB;EN-
!US;312107
!>
!>Is the remote object a CAO or SAO? If it is CAO then the
!server may send
!>objref to the client and this objref can contain
!internal IP that external
!>clients(out side firewall) will not be able to resolve.
!If that is the case
!>use machineName as a channel propery in the server
!config file and specify
!>the server name that the client can resolve.
!>
!>I also noticed that you have posted a new thread and Joe
!answered you. Did
!>his answer resolve the problem?
!>
!>Thanks.
!>
!>Best regards,
!>Yanhong Huang
!>Microsoft Online Partner Support
!>
!>Get Secure! - www.microsoft.com/security
!>This posting is provided "AS IS" with no warranties, and
!confers no rights.
!>
!>--------------------
!>!Content-Class: urn:content-classes:message
!>!From: "Donald Xie" <[email protected]>
!>!Sender: "Donald Xie" <[email protected]>
!>!References: <[email protected]>
!><[email protected]>
!><[email protected]>
!>!Subject: RE: .NET Remoting and ISA Server
!>!Date: Wed, 20 Aug 2003 23:39:16 -0700
!>!Lines: 74
!>!Message-ID: <[email protected]>
!>!MIME-Version: 1.0
!>!Content-Type: text/plain;
!>! charset="iso-8859-1"
!>!Content-Transfer-Encoding: 7bit
!>!X-Newsreader: Microsoft CDO for Windows 2000
!>!X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
!>!Thread-Index: AcNnrvEmnawHRUlhQx+LiqDSqUkiyQ==
!>!Newsgroups: microsoft.public.dotnet.framework
!>!Path: cpmsftngxa06.phx.gbl
!>!Xref: cpmsftngxa06.phx.gbl
!microsoft.public.dotnet.framework:51779
!>!NNTP-Posting-Host: TK2MSFTNGXA14 10.40.1.166
!>!X-Tomcat-NG: microsoft.public.dotnet.framework
!>!
!>!Hi Yanhong,
!>!
!>!Thanks for replying. I've read the article but it
!doesn't
!>!appear to solve our problem. Here is a recap of the
!>!problem with a bit more details, hopefully this makes
!it
!>!a bit clearer:
!>!
!>!1. The Remoting application I'm working on consists of
!>!several subsystems. Conceptually we have a server and a
!>!client.
!>!
!>!2. The server is implemented as a Windows Service
!running
!>!under LocalSystem and exposed as
!>!http://MyServer:8088/MyRemotingServer.soap on a Windows
!>!Server 2003 Standard;
!>!
!>!3. The IIS where the remoting server is hosted doesn't
!>!require authentication (it allows anonymous access
!>!because the server will be accessible to the public).
!In
!>!addition, the server runs as a standalone server, i.e.,
!>!it doesn't belong to the main domain;
!>!
!>!4. The client connects to the server using
!>!Activator.GetObject(), all clients run on Windows
!>!2000/XP/2003.
!>!
!>!This works well in our development environment on a
!LAN.
!>!Now we need to let clients to connect to the server
!>!through Internet, so clients can connect through a URL
!>!such as http://www.MyCompany.com/MyRemotingServer.soap.
!>!
!>!Our LAN is protected by an ISA Server, and web servers
!>!are on different machines to the ISA Server. What we
!have
!>!done on ISA are:
!>!
!>!1. Create a Destination Set with Name/IP Range
!>!www.MyCompany.com and Path MyRemotingService.soap;
!>!
!>!2. Create an Action with
!>!
!>!2a. Redirect requests to internal web server (we
!specify
!>!the internal IP address for the web server);
!>!
!>!2b. Define ports when Bridging request: 8088.
!>!
!>!This configuration does not work as the client fails to
!>!connect to the server. We are able to access some
!sample
!>!HTML files on this server from outside using a similar
!>!pair of DestinationSet/Action so we know ISA can
!redirect
!>!requests to this server.
!>!
!>!My theory is that there are some settings we haven't
!done
!>!right on the ISA server, since the application works in
!a
!>!LAN. However, this being my first attempt, I have
!several
!>!questions:
!>!
!>!1. Am I correct that this is an ISA issue? If so, have
!I
!>!set it up correctly? Is there anything I can check?
!>!2. If this is more likely an application configuration
!>!issue, what remoting settings I should check to ensure
!>!that we have done it correctly?
!>!
!>!If I can provide more details, please let me know. I
!>!didn't want to make this a huge message for now.
!>!
!>!I have indeed posted the same question to the
!>!framework.remoting group, but have not received any
!>!response yet. The reason why I posted it here is that I
!>!thought that posting to a managed group gives me a
!better
!>!chance of getting responses from your guys at Microsoft.
!>!
!>!Thanks again,
!>!Donald Xie
!>!
!>!
!>
!>.
!>
!