Biztalk WMI Core....not NTLM friendly?
The BizTalk 2004 WMI Core classes provide a one-stop API for managing BizTalk Server without having to worry about which database to connect to, which tables to use, etc.
While using the BizTalk 2004 WMI classes, I found several things for which I still haven't found a workaround, or maybe there is no workaround...grrrr..:~.
The scenario is like this:
1. Network authentication is NTLM
2. 1 BizTalk Server machine that contains only BizTalk Server
3. 1 database server machine where all the BizTalk databases reside.
The WMI classes work fine if you execute them on the same machine as BizTalk Server, because BizTalk WMI talks to the database over a connection that uses SSPI, which requires impersonating the user who accesses it, and NTLM supports impersonation for only 1 network hop. That means the path from the machine where you access the WMI classes, to the BizTalk machine, to the database server machine must consist of at most 2 machines.
So when you try to access the WMI classes from another machine outside the BizTalk machine in this scenario...it will fail, because by then we have 2 network hops: one from your machine to the BizTalk server, and one from the BizTalk server to the database server.
To solve this issue, there are 2 options:
1. Change the network authentication to Kerberos, but you will stumble on an arrogant Network Administrator...that will say.."Heck no...,it will change the entire company's network"...ssshhh...Do these guys know what they're talking about?...duh..:p
2. Change the database connection of the BizTalk server so it won't use SSPI, but where? Again, MSDN didn't have any clue about this...like they used to...:p.
About option 2, looks like I have to meet my best friend...the long black night in Papua...to give you any answer for that...:((
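A way to check the double hop and what option 1 needs per call, written for this page as an added example (not code from the original post or from the BizTalk product): it probes the BizTalk WMI namespace remotely with the default settings, checks whether the BizTalk machine account is trusted for delegation, then retries with Kerberos delegation requested. The host and domain names are placeholders, and using MSBTS_GroupSetting as the probe class is an assumption.

```powershell
# Added example. Runs in Windows PowerShell 5.1 on a domain-joined client.
# Placeholder names (assumptions, not from the post):
$BizTalkHost = 'BTSHOST01'   # machine running BizTalk Server
$Domain      = 'CONTOSO'     # NetBIOS name of the AD domain

function Test-BizTalkWmi {
    param([hashtable]$Extra = @{})
    # Reading group settings makes the provider on the BizTalk machine
    # open its SSPI connection to the database server (the second hop).
    $p = @{
        ComputerName = $BizTalkHost
        Namespace    = 'root\MicrosoftBizTalkServer'
        Class        = 'MSBTS_GroupSetting'
        ErrorAction  = 'Stop'
    } + $Extra
    try {
        $g = Get-WmiObject @p | Select-Object -First 1
        "OK   -> management DB $($g.MgmtDbServerName)\$($g.MgmtDbName)"
    } catch {
        "FAIL -> $($_.Exception.Message)"
    }
}

# 1. Default call (impersonation level Impersonate). With NTLM the caller's
#    identity stops at the BizTalk machine, so the database hop fails.
'Default call:        ' + (Test-BizTalkWmi)

# 2. Is the BizTalk machine account trusted for delegation?
#    userAccountControl bit 0x80000 = TRUSTED_FOR_DELEGATION.
$s = [adsisearcher]"(&(objectCategory=computer)(name=$BizTalkHost))"
[void]$s.PropertiesToLoad.Add('useraccountcontrol')
$r = $s.FindOne()
if ($r) {
    $uac = [int]$r.Properties['useraccountcontrol'][0]
    'Trusted for deleg.:  ' + (($uac -band 0x80000) -ne 0)
} else {
    "Trusted for deleg.:  computer '$BizTalkHost' not found in AD"
}

# 3. Same call, asking for Kerberos and impersonation level Delegate so the
#    caller's ticket can be forwarded to the database server.
'Kerberos + Delegate: ' + (Test-BizTalkWmi @{
    Impersonation = 'Delegate'
    Authority     = "kerberos:$Domain\$BizTalkHost"
})
```

If step 2 reports False, step 3 fails in the same way as step 1, because the BizTalk machine is not allowed to forward the caller's identity.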

1 Comments:
So slow... I needed to read this post twice before I could understand it :D