Problem
Since upgrading to Windows 11 24H2 on their client PC’s, our customers complain that they cannot use our C# client application (DTC) anymore.
The DTC application was running fine on a previous Windows 11 version (and on any other OS).
Our DTC application is in place for a long time with multiple released versions where the latest is released in June 2024 without any issues.
DTC is a C# application using .NET Remoting from .NET Framework 4.8 to communicate with a Server using a secure TCP-client-channel.
When running DTC on W11-24H2 execution of any .NET remoting method (defined on the interface) results in a security exception:
“Description: Either the target name is incorrect or the server has rejected the client credentials”
It seems related to the credentials (username/password) used in the client channel properties.
In our case the client attempts to connect to the server as an anonymous (empty username/password) user (NT AUTHORITY\ANONYMOUS LOGON).
We looked on the internet (and asked Copilot) for solutions but could not find a satisfy
Note that the DTC application did run correctly before upgrading to Windows 11 24H2 !!
Question
Is there any setting (registry/policy etc.) within Windows 11 24H2 to resolve this and get DTC operational again?
Maybe another approach to use (anonymous) credentials in setting up a secure Client-TCP-channel?
An answer is very appreciated and would solve our customers issues on short terms.
Additional Info
The DTC C# code snippet creating the secure client channel:
IDictionary sinkProperties = new Hashtable();
sinkProperties["typeFilterLevel"] = "Full";
BinaryClientFormatterSinkProvider binaryClientFormatterSinkProvider = new BinaryClientFormatterSinkProvider(sinkProperties, providerData: null);
IDictionary channelProperties = new Hashtable();
channelProperties["timeout"] = timeoutSeconds * 1000;
channelProperties["username"] = "";
channelProperties["password"] = "";
channelProperties["name"] = "secured";
_clientTcpChannelSecured = new TcpClientChannel(channelProperties, binaryClientFormatterSinkProvider);
ChannelServices.RegisterChannel(_clientTcpChannelSecured, ensureSecurity: true);
The configuration file on server side contains:
<system.runtime.remoting>
<application name="RemotingService">
<lifetime leaseTime="20D" sponsorshipTimeout="1H" renewOnCallTime="1D" leaseManagerPollTime="1H" />
<service>
<wellknown type="RemotingService.ClientRemote, RemotingService.WinService" objectUri="ClientRemote" mode="SingleCall" displayName="Remoting Service" />
</service>
<channels>
<channel name="secured" ref="tcp" secure="true" port="8087">
<serverProviders>
<formatter ref="binary" typeFilterLevel="Full" />
</serverProviders>
</channel>
</channels>
</application>
</system.runtime.remoting>
Regards,
Henk van der Vaart - NEC Nederland B.V.