We are migrating IIS web services from a Win2016 on-prem server to a Win2019 server in the Cloud.
I need AppFabric 1.1 for WCF services so I installed it on the Win2019 server. Problem: every time the AppFabric Workflow Management service is started, one of my service account get locked in the Active Directory.
The apparent reason:
- This service account is used as Physical Path Credentials in the web service website Advanced settings.
- When started, the AppFabric Workflow Management service open all web.config to search for WCF configuration (I think).
- It uses the Physical Path Credentials identity to do so if one is defined.
- In my case, the password is encrypted using the CNG Data Encryption Providers, which is new to IIS10.
- It seems that AppFabric decipher the password with the wrong provider, get the wrong password and lock the account after a couple of retries.
Hence my question: is AppFabric 1.1 compatible with CNG Data Encryption Providers in IIS 10?
Any hint will be much appreciated.
Many thanks!
AppFabric 1.1 is NOT compatible with CNG Data Encryption Providers in IIS 10.
We had to re-enter the passwords of the service accounts we use in IIS. Problem: we lost many of them.
What saved us: we can list all the passwords defined in ApplicationHost.config *** IN CLEAR *** with this command:
Hope this help.