I have an application that can run both as a Windows service or a stand-alone console. It is deployed remotely, on my client's servers. When I remote desktop into the server, I use the same domain account that is used to run the Windows service configuration of my application. Therefore, running the application as a Windows service or console is done absolutely under the same credentials. Or is it? The problem is that my console throws the "Access to Message Queuing system is denied" exception while the Windows service doesn't have any issues with this. All the functionality of the application that accesses the MSMQ system is encapsulated into a .dll that is used by both the Windows service and the console, so again, there should be no difference.
Any ideas as to what I should change?
I made a Windows Service that interacts with MSMQ (a stupid data exchange application with no requirement regarding security).
I had to disable unauthenticated RPC calls using the Message Queuing properties pane in Computer Management to make it work. Otherwise it throws System.Messaging.MessageQueueException (0x80004005): Access to Message Queuing system is denied.
Also, the service runs under Local System (which I remember is the default).
The user under which the service/console is executing should have access to MSMQ.
Please check if this is the case or not in your instance.
I have following applications:
1. Azure cloud application (mvc mobile web application)
2. Service Bus Relay application(currently console application)
In this, the user interacts with the cloud application and then I'm sending data to the relay service, which we are going to host on the client's premises. Right now all the data interactions are fine. I'm able to save and receive data.
As it is a console app, it always runs as a command prompt. I would like to convert the Service Bus relay application to a Windows service so that I won't get this command prompt window. Our client doesn't want a command prompt to be run on their server. Is it possible to convert it to a service? Or is there any other way to do it? I see all the examples using console applications.
Please help.
If you're running your app in a Virtual Machine or Cloud Service (web/worker role), you can indeed install a Windows Service. You'd just have to code up the Windows Service shell (start/stop/etc) and incorporate Service Bus code.
If you're running your code as a Web App (in an App Service), then no, you cannot install a Windows Service, as App Service doesn't let you install such software (since everything runs in a sandbox).
I'm not sure if this is the proper place for such a question (maybe it should be placed on SuperUser?), but I'll try.
I have one C# console application and one Windows service. Both do the same, but the console app was created before and is kept for backward compatibility. Each of these runs a WCF service whose methods operate on files in C:\ProgramData\MyApp. The console app is run as a limited user (non-admin), the Windows service runs as NT AUTHORITY\NETWORK SERVICE. When the app creates some dirs/files, the service cannot delete them and vice versa.
I would like to have it secured. My question is: should I grant full permissions on C:\ProgramData\MyApp to NETWORK SERVICE and the current user? Or should I create a dedicated user for running the service/app?
Assuming your application does not set explicit security permissions on newly created files, granting the Network Service account Delete permissions on the folder would solve your immediate problem.
This command will do the work:
icacls c:\ProgramData\MyApp /t /grant "NETWORK SERVICE":(OI)(CI)(IO)D
Repeat the same for your other user service account.
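The same grant expressed through the .NET ACL API, as an added example that is not part of the original answer: it adds the inherit-only Delete ACE that the icacls command describes and then lists the folder's explicit rules so the result can be checked. The class and method names are hypothetical, and the second account is taken from the command line as a placeholder.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

// Added example (hypothetical names), mirroring icacls ... (OI)(CI)(IO)D.
public static class SharedFolderAcl
{
    public static void GrantInheritedDelete(string folder, IdentityReference account)
    {
        var dir = new DirectoryInfo(folder);
        DirectorySecurity acl = dir.GetAccessControl(AccessControlSections.Access);
        // (OI)(CI): inherited by files and subfolders; (IO): not applied to the
        // folder itself; D: Delete only, no write or change-permissions right.
        acl.AddAccessRule(new FileSystemAccessRule(
            account,
            FileSystemRights.Delete,
            InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit,
            PropagationFlags.InheritOnly,
            AccessControlType.Allow));
        dir.SetAccessControl(acl);
    }

    // Lists explicit (non-inherited) ACEs by SID so the grant can be reviewed.
    public static void PrintExplicitRules(string folder)
    {
        DirectorySecurity acl =
            new DirectoryInfo(folder).GetAccessControl(AccessControlSections.Access);
        foreach (FileSystemAccessRule r in
                 acl.GetAccessRules(true, false, typeof(SecurityIdentifier)))
        {
            Console.WriteLine("{0} {1} {2} [{3}; {4}]", r.IdentityReference,
                r.AccessControlType, r.FileSystemRights,
                r.InheritanceFlags, r.PropagationFlags);
        }
    }

    public static void Main(string[] args)
    {
        string folder = @"C:\ProgramData\MyApp";  // path from the question
        // Second principal, e.g. the console user; placeholder supplied by the caller.
        string otherAccount = args.Length > 0 ? args[0] : null;

        GrantInheritedDelete(folder,
            new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null));
        if (otherAccount != null)
            GrantInheritedDelete(folder, new NTAccount(otherAccount));
        PrintExplicitRules(folder);
    }
}
```

Changing the folder's DACL requires an account that is allowed to modify permissions on it, so run this from an elevated prompt.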
I have a legacy DCOM server and client application both written in Delphi v6. The DCOM server is currently configured to run once and service all clients. The main reason for it running once is that the server provides an interface to an accounts application and must logon and can only do this once for a given user name.
Our customer now wants to upgrade their server to Windows Server 2008 R2 leaving the clients on Windows XP but I have been unable to replicate the current set-up.
The current set up that I can get to work on a test rig is slightly odd!
I have to configure DCOM settings to allow remote launch or I get access denied on the client.
If the DCOM server is not already running, when the client tries to connect to it I get server execution failed.
If the server is running and the launch permission is set to allow remote launch, the client starts a new instance of the DCOM server rather than using the instance already started. This then causes problems in the accounts application as the same user tries to log on, which is not allowed.
If I close the DCOM server running on the server, the client happily works away with its own instance. I cannot see the DCOM server's main form, though, as it's running in the background (I can see it in Task Manager).
I've found various articles to do with this problem but nothing so far has worked. These include running the DCOM server as administrator, not running the DCOM server as administrator, allowing COM+ in the firewall, adding the DCOM server to the firewall, the DCOM server located in SysWOW64, using the 32 bit version of DCOMCNFG, etc.
Now not sure where to go...
Thanks for any help
Simon
DCOM default permissions have changed in XP SP2 and 2003 SP1. You'll need to configure them properly to make your service run properly. Usually, unless you implement the DCOM server in a service (something Delphi doesn't allow due to limited DCOM support), the DCOM server is started when a user connects, and that's why you may need the "remote launch" permissions.
Moreover a DCOM server may be started in the context of a given user, the interactive user (must be avoided for remote clients!), or the launching user. What mode are you using? - if it is set to "launching user" it will always create a new instance. How was your server instanced before the new OS? How is its class factory implemented?
See here for some interesting information about DCOM and Delphi implementations.
BTW:
Never run your DCOM server with Administrators privileges unless it really needs it. Otherwise you can create a security hole.
If a firewall is present, both the RPC endpoint port and the ports configured for DCOM must be opened to the calling clients.
Don't mess up system directories with your application. There's no need; if your app works only there, you have a privileges misconfiguration, and you won't solve it properly by putting files where they don't belong.
I have a console application which I need to host as an independent Windows service.
Any idea how to do that? I was able to register the service, but when I try to start it, it gives me this error:
Error 1053: the service did not respond to the start or control request in a timely fashion.
Services have to call specific Win32 APIs to integrate with the Service Control Manager (SCM). This includes being able to receive service commands like stop.
An executable that doesn't call these APIs shortly after startup won't work, i.e. a service needs to be specifically written to be a service. (Note: in .NET this is done by extending ServiceBase rather than P/Invoking the Win32 APIs.)
If you cannot modify the exe you have, consider creating a separate service exe that integrates with the SCM and launches/closes your console application.
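A sketch of the separate wrapper service described above, as an added example that is not from the original answer: it extends ServiceBase, launches the unmodified console executable on start and terminates it on stop. The class name, service name and executable path are hypothetical.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.ServiceProcess;

// Added example: SCM-aware wrapper around an unmodified console executable.
// ConsoleHostService, "MyConsoleHost" and ChildPath are hypothetical names.
public sealed class ConsoleHostService : ServiceBase
{
    // Absolute path: the child is never resolved through PATH or the
    // service's default working directory.
    private const string ChildPath = @"C:\Program Files\MyApp\MyConsoleApp.exe";
    private Process _child;
    private volatile bool _stopping;

    public ConsoleHostService()
    {
        ServiceName = "MyConsoleHost";
        CanStop = true;
    }

    // Returns as soon as the child is launched, so the SCM is answered in
    // time instead of reporting error 1053.
    protected override void OnStart(string[] args)
    {
        _child = new Process { EnableRaisingEvents = true };
        _child.StartInfo = new ProcessStartInfo(ChildPath)
        {
            UseShellExecute = false,   // start the process directly, no shell
            CreateNoWindow = true,
            WorkingDirectory = Path.GetDirectoryName(ChildPath)
        };
        // If the child dies on its own, report a stop with a non-zero exit
        // code rather than leaving a "Running" service with no worker.
        _child.Exited += (s, e) => { if (!_stopping) { ExitCode = 1; Stop(); } };
        _child.Start();
    }

    // The SCM's stop request ends the child; a console app has no window
    // to close, so it is terminated.
    protected override void OnStop()
    {
        _stopping = true;
        try { if (!_child.HasExited) { _child.Kill(); _child.WaitForExit(10000); } }
        catch (InvalidOperationException) { /* child already gone */ }
    }

    public static void Main() { ServiceBase.Run(new ConsoleHostService()); }
}
```

The child inherits the account the wrapper service runs under, so register the wrapper with the least-privileged account that the console application can work with.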
I have designed a simple windows service in .NET 2.0.
I am trying to deploy it on my local machine. I have switched to design view, and set up ServiceInstaller and ServiceProcessInstaller objects. There is a Project Installer. I have also wrapped the Windows Service into a .NET setup project and installed it, leaving an .exe in the specified directory.
I have fired up cmd and entered the path to installutil. This works fine, but then I type installutil and the full path to the service, in the Visual Studio command prompt, and this does not work (I've also tried installutil /i and all sorts of things out of desperation). The permissions are local system (extensive).
Any ideas what I am doing wrong? For those here who have installed Windows Services, what was your methodology to install the service?
Thanks
We actually create an installer built into our application. It's a console app that has a command line to install/uninstall the server as well as run as a service or in console mode.
See this article on a Self Installing Service for some details. I like this method as it provides flexibility.
DESCRIPTION:
        SC is a command line program used for communicating with the
        NT Service Controller and services.
USAGE:
        sc <server> [command] [service name] <option1> <option2>...

        The option <server> has the form "\\ServerName"
        Further help on commands can be obtained by typing: "sc [command]"
        Commands:
          query-----------Queries the status for a service, or
                          enumerates the status for types of services.
          queryex---------Queries the extended status for a service, or
                          enumerates the status for types of services.
          start-----------Starts a service.
          pause-----------Sends a PAUSE control request to a service.
          interrogate-----Sends an INTERROGATE control request to a service.
          continue--------Sends a CONTINUE control request to a service.
          stop------------Sends a STOP request to a service.
          config----------Changes the configuration of a service (persistant).
          description-----Changes the description of a service.
          failure---------Changes the actions taken by a service upon failure.
          qc--------------Queries the configuration information for a service.
          qdescription----Queries the description for a service.
          qfailure--------Queries the actions taken by a service upon failure.
          delete----------Deletes a service (from the registry).
          create----------Creates a service. (adds it to the registry).
          control---------Sends a control to a service.
          sdshow----------Displays a service's security descriptor.
          sdset-----------Sets a service's security descriptor.
          GetDisplayName--Gets the DisplayName for a service.
          GetKeyName------Gets the ServiceKeyName for a service.
          EnumDepend------Enumerates Service Dependencies.

        The following commands don't require a service name:
        sc <server> <command> <option>
          boot------------(ok | bad) Indicates whether the last boot should
                          be saved as the last-known-good boot configuration
          Lock------------Locks the Service Database
          QueryLock-------Queries the LockStatus for the SCManager Database
EXAMPLE:
        sc start MyService
Here's another reference specific to .NET services.
http://bytes.com/forum/thread739857.html
I'm calling installutil in my setup package and it works for me just fine.
That'd be great if you posted an error message that you're getting when running installutil.