Got an interesting one, likely due to a local/domain security policy, but I need to know how/where this would be set (AD?).
I am working on a customer-provided 2008 server, installing a specific product. This product reaches out periodically to the vendor's license server to ensure the customer is properly licensed. This communicates over TCP 443 and transfers a simple XML file.
This all of a sudden broke. I noted that the license server address is fully accessible via a web browser (it is an HTTPS page, so this is a 'legitimate test' according to the vendor). So, I began running packet captures and going through all the logs. What I found is that the service was/is utilizing the loopback interface (127.0.0.1) when reaching out to the server.
So, as a test, I took a local admin (non-domain) account and had the licensing service run under that account, as opposed to a local system account. Voila! I can now register, and in my captures and log files I see that we are using the proper interface IP.
So, TL;DR, is there a setting, either via local security or domain policies, that could sandbox the service accounts to the localhost/loopback? I could see this as being useful, and the customer is in a high-security environment, but doesn't have the greatest grasp on their domain policies.
I will also note that they normally force a web proxy. The local account I was using was not having that applied (but the same should be said about the local service account).