A call to SSPI failed GSSAPI operation failed with error - An invalid status code was supplied (SPNEGO cannot find mechanisms to negotiate)

Question

I'm building an ASP.NET Core WebApi application that will be client of WCF services application that work on Windows machine. This is my service client class:

public class VITServicesClient : ServicesClient, IDisposable
{

    static SpnEndpointIdentity spn = new SpnEndpointIdentity("BtaIntercardSPN");
    static EndpointIdentity endPointIdent = (spn as EndpointIdentity);
    static readonly NetTcpBinding binding;
    public static string Address { get; set; }


    private static AddressHeader addressHeader1 = AddressHeader.CreateAddressHeader("specialservice1", "http://localhost:8000/service", 1);
    private static AddressHeader addressHeader2 = AddressHeader.CreateAddressHeader("specialservice2", "http://localhost:8000/service", 2);
    private static AddressHeader[] addressHeaders = new AddressHeader[2] { addressHeader1, addressHeader2 };

    static VITServicesClient()
    {
        binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Name = "NetTcpBinding";
        TcpTransportSecurity transportSecurity = new TcpTransportSecurity();
        transportSecurity.SslProtocols = SslProtocols.Tls12;
        transportSecurity.ClientCredentialType = TcpClientCredentialType.Windows;
        binding.Security.Mode = SecurityMode.Transport;
        binding.Security.Transport = transportSecurity;
        binding.SendTimeout = new TimeSpan(0, 3, 0);
        binding.MaxReceivedMessageSize = 1024 * 1024 * 100; //100MB max message size            
    }

    public VITServicesClient() : base (binding, new EndpointAddress(new Uri(Address+":31716/IServices"), endPointIdent, addressHeaders))
    {
    }


    public void Dispose()
    {
    }

}

And this is the web controller that executes a wcf service method:

public async Task<string> GetDocumentByCountryCode(string countryCode)
    {
        try
        {                
            VITServicesClient.Address = "net.tcp://10.64.4.61";
            using (var service = new VITServicesClient())
            {
                var result = await service.GetDocumentSamplesByCountryCodeAsync(countryCode.ToString(), 1);
                return (result as DocumentSamplesData[])[0].document_code;
            }                
        }
        catch (Exception ex)
        {
            return "failed " + ex.Message + ex.InnerException.InnerException.Message;
        }
        
    }

When I run the client application under Windows there is no problem, but when I deploy the application on Ubuntu 16.04 and run it and when it tries to connect to the WCF Service on the Windows machine there I'm getting that exception - A call to SSPI failed, see inner exception.GSSAPI operation failed with error - An invalid status code was supplied (SPNEGO cannot find mechanisms to negotiate)

I searched about that problem and there must be some issue with kerberos authentication in Windows. Can the problem be in the configuration that i'm using in my code, or there could be an options in the Ubuntu that must be changed.

Answer 1

You must install gss-ntlmssp on linux to fix that problem, use the command below

sudo apt-get update && apt-get install -y --no-install-recommends gss-ntlmssp