T 
		
								
				
				
			
		todd_groten
Alright, I've been searching around for some time and have not been
able to find anything concrete on fixing an issue I am having. Here's
the situation:
1) I have a non-anonymous webservice running on a w2k3ee sp1 server
2) I am behind a corporate firewall, but was able to get our network
services group to punch a hole at port 80 through.
3) I'm running the webservice using an impersonation to the service
account and have the pool configured to run under this account, as
well.
4) My webservice needs to go out and time stamp files, using an
external TSA, sorta like Verisign's or Comodo's Time Stamp Authority
URL.
5) The webservice executes perfectly, when a service account is logged
in on the console, however, it ceases to function when logged off.
6) (I think this is the crux of my issue...)Once the svc account has
logged in, the service runs fine without that user logged in, until the
Kerberos ticket expires and it tries to renew itself and can't grab the
user, b/c it's not logged in.
I've tried several different scenarios of having the service and/or web
site run as alternate values. (localsystem, local service, network
service, Domain service account and local service account) I've made
the accounts local admins on the box and have run ProxyCFG in both
direct mode and with current user configurations. I've also run
through different levels of impersonation (machine.config &
web.config).
Has anyone out there run into this type of issue, where the service
needs to make an external web call? I'm quite perplexed and pulling
out what's left of my hair.
Thanks,
-TGroten
				
			able to find anything concrete on fixing an issue I am having. Here's
the situation:
1) I have a non-anonymous webservice running on a w2k3ee sp1 server
2) I am behind a corporate firewall, but was able to get our network
services group to punch a hole at port 80 through.
3) I'm running the webservice using an impersonation to the service
account and have the pool configured to run under this account, as
well.
4) My webservice needs to go out and time stamp files, using an
external TSA, sorta like Verisign's or Comodo's Time Stamp Authority
URL.
5) The webservice executes perfectly, when a service account is logged
in on the console, however, it ceases to function when logged off.
6) (I think this is the crux of my issue...)Once the svc account has
logged in, the service runs fine without that user logged in, until the
Kerberos ticket expires and it tries to renew itself and can't grab the
user, b/c it's not logged in.
I've tried several different scenarios of having the service and/or web
site run as alternate values. (localsystem, local service, network
service, Domain service account and local service account) I've made
the accounts local admins on the box and have run ProxyCFG in both
direct mode and with current user configurations. I've also run
through different levels of impersonation (machine.config &
web.config).
Has anyone out there run into this type of issue, where the service
needs to make an external web call? I'm quite perplexed and pulling
out what's left of my hair.

Thanks,
-TGroten
