Alexnaldo Santos

Hi,

I have a service with "message security".

When I try to connect to server I receive this error :

"The security time is invalid because its creation time "15/01/2007 13:39:40" is in the future. Current time is "15/01/2007 13:34:27" and allowed clock skew is "00:05:00"

The date/time on both (client and server) is the same and isn't "13:" but "10". The server is "en-US" and the client is "pt-BR", so GMT -3 is correct for the client, but I'm using the same date/time on both. Why does WCF use it if we can connect from different cultures with different date/time?

On other computers all works fine... one using "pt-BR" and the other "en-US".

Regards,
Alexnaldo



Re: Windows Communication Foundation (Indigo) Security timestamp problem

Sajay - MSFT

Could you turn on tracing on the client to see the time that it's sending as the timestamp?




Re: Windows Communication Foundation (Indigo) Security timestamp problem

Alexnaldo Santos

Hi,

The problem continues...

Here's a link for all messages (server): http://www.netwatts.com.br/temp/wcf_log.zip
Here's a link for all messages (client): http://www.netwatts.com.br/temp/wcf_log_client.zip

Regards,
Alexnaldo Santos





Re: Windows Communication Foundation (Indigo) Security timestamp problem

Alexnaldo Santos

Hi,

Does anybody know why the timestamp can create a problem for the communication?

Regards,
Alexnaldo Santos





Re: Windows Communication Foundation (Indigo) Security timestamp problem

Todd West

It's a scalability issue.  The required nonce cache duration for replay detection is proportional to the allowed clock skew.  If a message is replayed within the clock skew tolerance then it must be contained in the nonce cache to be rejected as a replay.  If the replay occurs beyond the clock skew tolerance then the message will be rejected as having an invalid timestamp and the nonce cache does not need to be consulted.  This keeps the nonce cache's size bounded.

The error message formatting you mention is a known bug and is fixed in Orcas.
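
Added example, not part of the original posts and not WCF's implementation: a simplified Python model of the timestamp check and nonce cache described in the reply above. It assumes the times in the quoted error message are UTC; `ReplayGuard`, `check` and `demo` are hypothetical names and the nonces are constructed.

```python
from datetime import datetime, timedelta, timezone


class ReplayGuard:
    """Simplified model of timestamp + nonce replay detection (not WCF's code)."""

    def __init__(self, max_clock_skew=timedelta(minutes=5)):
        self.max_clock_skew = max_clock_skew
        self._seen = {}  # nonce -> instant after which the timestamp check rejects it

    def check(self, created, nonce, now):
        # Aware datetimes compare as instants, so the local time zone is irrelevant.
        if created > now + self.max_clock_skew:
            return "rejected: created in the future"
        if created < now - self.max_clock_skew:
            return "rejected: stale timestamp"
        # Entries past the skew window are dropped: replaying them fails the
        # timestamp check above, which is what keeps the cache bounded.
        self._seen = {n: exp for n, exp in self._seen.items() if exp >= now}
        if nonce in self._seen:
            return "rejected: replay"
        self._seen[nonce] = created + self.max_clock_skew
        return "accepted"

    def cache_size(self):
        return len(self._seen)


def demo():
    utc = timezone.utc
    guard = ReplayGuard()
    out = []
    # Values from the error message in the thread (assumed UTC): 5 min 13 s ahead.
    now = datetime(2007, 1, 15, 13, 34, 27, tzinfo=utc)
    out.append(guard.check(datetime(2007, 1, 15, 13, 39, 40, tzinfo=utc), "n1", now))
    # Constructed: the same instant written as UTC-3 and UTC+2 local time.
    client = datetime(2007, 1, 15, 10, 34, 27, tzinfo=timezone(timedelta(hours=-3)))
    server = datetime(2007, 1, 15, 15, 34, 27, tzinfo=timezone(timedelta(hours=2)))
    out.append(guard.check(client, "n2", server))
    out.append(guard.check(client, "n2", server + timedelta(minutes=1)))  # replay in window
    out.append(guard.check(client, "n2", server + timedelta(minutes=6)))  # replay after window
    later = server + timedelta(minutes=6)
    out.append(guard.check(later, "n3", later))  # new message; expired "n2" is purged
    return out, guard.cache_size()
```

The replay six minutes later is rejected on its timestamp alone, so the "n2" entry can be discarded and the cache never holds more than one skew window of nonces.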





Re: Windows Communication Foundation (Indigo) Security timestamp problem

Alexnaldo Santos

Hi,

Is it possible to use Orcas in a production environment?

Regards,
Alexnaldo Santos





Re: Windows Communication Foundation (Indigo) Security timestamp problem

Todd West

See the Orcas January CTP page: "We designed this release to enable developers try out new technology and product changes, but not to build production systems."





Re: Windows Communication Foundation (Indigo) Security timestamp problem

Alexnaldo Santos

I have software using WCF RTM that has the bug about timestamp security. How can I solve this problem?

Where can I download a Service Pack to solve this bug? "Orcas" is beta.

Regards,
Alexnaldo Santos





Re: Windows Communication Foundation (Indigo) Security timestamp problem

Todd West

Can you describe what bug you're referring to? It's not clear from the above post; are you sure you don't just need to fix the clocks on the machines or change maxClockSkew?



Re: Windows Communication Foundation (Indigo) Security timestamp problem

Alexnaldo Santos

Simple,

1) I have a WCF Service running on my remote Server that uses `en-US` as local culture... GMT +2
2) I have a WCF client that uses `pt-BR` as local culture... GMT -3

Problem: the server time will never be equal to my client's, so the security raises an error about 'clock skew'... as you can see in the above posts.

Another problem is that in Brazil we can use 'pt-BR' but different cities have different timers.

My communication ONLY works if my Server and Client have the SAME timer. It's a big problem for WCF... I don't know if 'Orcas' fixes it, but it is beta and I'm using WCF in a production environment.

I'm using TCP with security 'message'.

Regards,
Alexnaldo Santos





Re: Windows Communication Foundation (Indigo) Security timestamp problem

Alexnaldo Santos

Can anyone help me with this problem?



Re: Windows Communication Foundation (Indigo) Security timestamp problem

Todd West

Alexnaldo Santos wrote:
My communication ONLY works if my Server and Client have the SAME timer.

What, precisely, does "same timer" mean?





Re: Windows Communication Foundation (Indigo) Security timestamp problem

Alexnaldo Santos

Client timer ~= Server timer. Example: if my client clock is 14:00:00, my server must be >= 13:55:00 and <= 14:05:00.





Re: Windows Communication Foundation (Indigo) Security timestamp problem

Todd West

That's correct. Have you either 1) corrected the clocks to be within 5 minutes of UTC or 2) increased the clock skew to something greater than the error between the two clocks?

I guess it's also possible you're hitting a variation of this issue.





Re: Windows Communication Foundation (Indigo) Security timestamp problem

Alexnaldo Santos

1) corrected the clocks to be within 5 minutes of UTC

It is not possible because in Brazil we have cities with different clocks but both using the same culture (pt-BR), so UTC is -3 only for global issue...

Why do I need to increase clock skew for a communication? What value would work with all cultures with different clocks?

Any other protocol for communication doesn't need it...