What would be the reason behind the window service stop - windows-services

I have an application named “LeafTest” which has Server Edition and Client Edition. The server Service is “Mss.exe” which is running under the “stepup” account, which I checked from “services.msc”, and the system configuration is 2003 server 32bit standard edition with SP2. But yesterday, meaning November 20, it suddenly stopped, and I don’t know what the reason behind it is.
When I checked my application logs I can see these errors just before it reported service stopped
The entries in event log are
The following error I can also see somewhere:
Event ID ( 8500 ) in Source ( LeafTest)
cannot be found. The local computer may not have the necessary registry
information or message DLL files to display messages from a remote computer.
When I googled, somewhere it's mentioning my application may not be installed properly or registered, or I need to work with the registry. Can anybody tell me what will be the reason behind the service stopping, by reading the logs which I have posted?

A service may halt if there is an unhandled exception. Check that you are handling all exceptions. Also, if the service uses any COM objects I have, in the past, had exceptions that could not be caught in my .NET 2.0 applications.

Related

Windows service application self-defense in Delphi ( rad studio )

I am building a Windows service app using Delphi, RAD Studio 10.
Upon my investigation I came across an Eset Windows service which was wonderfully protecting itself from being stopped or terminated.
On stopping the service using (Windows service manager) or (end process button)
or (end task button) the following error messages occur:
The operation couldn't be completed.
access denied.
The same thing is true with its registry keys. The error message is:
Can not delete info: Error while deleting key
I tested Administrator access and system access. In both cases I was not successful.
I want to build such self-defense mechanism for my own application protecting my service and registry key.
Any idea would be helpful.
Thank you for your time.
update :
I want to know how I can do it in Delphi ... that's why it is tagged Delphi
and If someone wants to stop the service or uninstall it ....
he or she can just use my own applications UI to do it.
edit 2 :
As Remko mentioned, I think DACL and ACL is a better way to handle it, but I couldn't find any good reference for it. Is there any good reference for the Delphi language?
Protecting from SCM stop is very easy. Assuming you are using TService, you can handle the TService.OnStop event and set its Stopped parameter to False. And assign an error code to the TService.ErrCode or TService.Win32ErrCode property.
Unless you are writing security software, you really should not protect from TaskManager termination. Admins should be allowed to kill misbehaving processes. That being said, you can use SetSecurityInfo() to assign a DACL to your service process that grants/denies access to particular users and/or groups as needed.
You can also use ChangeServiceConfig2() to configure your service's "failure actions" to restart the service if it terminates unexpectedly.
To protect your Registry key, you can use the lpSecurityAttributes parameter of RegCreateKeyEx(), or use the RegSetKeySecurity() function, to assign a SECURITY_DESCRIPTOR to your key that contains a DACL that grants/denies access to particular users and/or groups as needed.
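
Seen from the audit side, the DACL approach discussed above can be checked by reading a service's security descriptor. This added example (Python, not part of the original answer) reports whether SYSTEM and the Administrators group can stop a service or rewrite its DACL. It assumes the DACL of interest is the one on the service object, and both SDDL strings are constructed samples in the format `sc sdshow` prints:

```python
import re

# Constructed samples in the format printed by `sc sdshow <service>`.
DEFAULT_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
                "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)")
LOCKED_SDDL = ("D:(D;;WPDTSD;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
               "(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWLOCRRC;;;IU)")

# SDDL right codes and the service access rights they stand for.
RIGHTS = {
    "CC": "QUERY_CONFIG", "DC": "CHANGE_CONFIG", "LC": "QUERY_STATUS",
    "SW": "ENUMERATE_DEPENDENTS", "RP": "START", "WP": "STOP",
    "DT": "PAUSE_CONTINUE", "LO": "INTERROGATE", "CR": "USER_DEFINED_CONTROL",
    "SD": "DELETE", "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
# ACE layout: type;flags;rights;object;inherited-object;trustee
ACE_RE = re.compile(r"\(([^;)]*);[^;)]*;([^;)]*);[^;)]*;[^;)]*;([^;)]*)\)")

def parse_dacl(sddl):
    """Return the DACL as [(ace_type, rights, trustee)], in ACE order."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not m:
        raise ValueError("no DACL in SDDL string")
    return [(kind, {RIGHTS.get(c, c) for c in re.findall("..", codes)}, who)
            for kind, codes, who in ACE_RE.findall(m.group(1))]

def effective(sddl, trustee):
    """Rights one trustee ends up with: the first ACE naming a right decides it.
    Simplification: ACEs for the trustee's groups are not merged in."""
    granted, decided = set(), set()
    for kind, rights, who in parse_dacl(sddl):
        if who == trustee and kind in ("A", "D"):
            if kind == "A":
                granted |= rights - decided
            decided |= rights
    return granted

def audit(sddl, trustees=("SY", "BA")):
    """Per trustee: can it stop the service, can it rewrite the DACL?"""
    report = {}
    for who in trustees:
        rights = effective(sddl, who)
        report[who] = {"stop": "STOP" in rights,
                       "rewrite_dacl": bool(rights & {"WRITE_DAC", "WRITE_OWNER"})}
    return report

if __name__ == "__main__":
    print(audit(DEFAULT_SDDL), audit(LOCKED_SDDL), sep="\n")
```

A service that reports `stop: False` for `BA` is one an administrator cannot stop through the SCM, which is worth recording in an inventory whether the service is a security product or something unexpected.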

what is dsac.exe.config

I have a windows service installed on a machine running Windows 2008 which automatically stops every night between 2300-0100 hrs.
In the eventviewer I get "dsac.exe.config" file changed. Apart from this I also get the below error in event viewer:
The description for Event ID 1001 from
source Windows Error Reporting cannot
be found. Either the component that
raises this event is not installed on
your local computer or the
installation is corrupted. You can
install or repair the component on the
local computer.
If the event originated on another
computer, the display information had
to be saved with the event.
The following information was included
with the event:
0 CLR20r3 Not available 0
wsbestfarefinder.exe
337.0.0.0 4d8b67b0 Ttl.BestFareFinder.Harvester
337.0.0.0 4d8b67af 301 6 System.TypeInitialization
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_wsbestfarefinder_74e68497d40658e979de885388289e269c39c_c41e675c
0 9a6e7446-661e-11e0-9ac4-005056bc2f52
4
The handle is invalid
Based on KB article 2462585,
Active Directory Administrative Center (Dsac.exe) to manage Active Directory Domain Services (AD DS) objects
That suggests that between those times, something is changing the .config file for dsac.exe. Whether this is relevant to your service or not is something that I suspect is unlikely. You can try to determine this though.
In your development/test/staging environment (you do have one, or all of those, right? :) start your service running and then change the dsac.exe.config file. Does this cause your service to stop? If yes, work out what's causing it to be changed in your production environment.
All that said, I don't think the change to dsac.exe.config is the issue, or at best it's a symptom and not the cause. Your service is encountering an exception, specifically a TypeInitializationException at some point in the night. You need to improve your logging and exception handling to get to the root cause of this. Start by hooking the AppDomain.UnhandledException event, logging any exceptions and ensuring that you ship .pdb files with your service.
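
The Event ID 1001 payload quoted in the question already names the failing code. This added example (Python, not from the original answer; `parse_clr20r3` and `triage` are illustrative names) decodes the nine CLR20r3 bucket parameters from those lines, which are copied here as sample input:

```python
import re
from datetime import datetime, timezone

# Sample input: the "information included with the event" lines of the
# Event ID 1001 text quoted in the question, as they appear on the page.
SAMPLE_EVENT = """0 CLR20r3 Not available 0
wsbestfarefinder.exe
337.0.0.0 4d8b67b0 Ttl.BestFareFinder.Harvester
337.0.0.0 4d8b67af 301 6 System.TypeInitialization
"""

# Meaning of the nine CLR20r3 bucket parameters (P1..P9), in order.
FIELDS = ("app_name", "app_version", "app_timestamp",
          "assembly", "assembly_version", "assembly_timestamp",
          "method_def", "il_offset", "exception_type")

def parse_clr20r3(text):
    """Return the CLR20r3 bucket parameters of a WER event as a dict."""
    # Layout: <bucket id> CLR20r3 <response> <cab id> P1 P2 ... P9
    m = re.search(r"CLR20r3\s+(.*?)\s+(\d+)\s+(.*)", text, re.S)
    if not m:
        raise ValueError("no CLR20r3 bucket in event text")
    params = m.group(3).split()
    if len(params) < len(FIELDS):
        raise ValueError("truncated bucket: expected 9 parameters")
    rec = dict(zip(FIELDS, params))
    # P3/P6 are the PE header TimeDateStamp: hex seconds since 1970 (UTC).
    for key in ("app_timestamp", "assembly_timestamp"):
        rec[key] = datetime.fromtimestamp(int(rec[key], 16), tz=timezone.utc)
    # P7 is the row of the faulting method in the MethodDef table (0x06).
    rec["method_def"] = 0x06000000 | int(rec["method_def"], 16)
    # P8 is the IL offset inside that method, also in hex.
    rec["il_offset"] = int(rec["il_offset"], 16)
    return rec

def triage(rec):
    """One-line summary suitable for an incident ticket."""
    return ("{app_name} {app_version}: {exception_type} in {assembly}, "
            "method token 0x{method_def:08X}, IL offset 0x{il_offset:X}"
            .format(**rec))

if __name__ == "__main__":
    print(triage(parse_clr20r3(SAMPLE_EVENT)))
```

The exception type in P9 is cut short by Windows Error Reporting, which is why the event shows `System.TypeInitialization` rather than the full class name.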

How to stop a Delphi 6 COM server application re-registering with COM at startup

I have a set of legacy Delphi 6 applications that are out of process COM servers. In attempting to run these programs as a normal domain user on Windows I see them, when running up (without any command line arguments or switches), attempting to update chunks of HKEY_CURRENT_CLASSES. This fails due to lack of permission to the HKCR hive. It appears that the act of running a Delphi 6 COM server causes it to attempt to register its embedded COM types with the system registry.
I do not want this behavior normally. We would do this once during install under an administrative account to initialise the COM registry, but would not want to do this under normal running conditions of a non-administrative account. (If you monitor the system with Sysinternals Process Monitor you can see the failed registry key access attempts.)
Is there a command line switch I can pass to a Delphi 6 COM server to prevent this automatic COM registration logic?
I don't think you're actually seeing what you think you are...
Delphi only tries to install COM servers if they haven't already been installed. I suspect what you're seeing is your application checking to see if it's registered yet or not. The reason you're seeing the failures is because back in Delphi 6 the registry key would have been opened with ALL_ACCESS rights (D6 was prior to XP/Vista/Win7), and I think that's what's causing your failed registry access attempts.
In answer to your question, though: No, there's no command line switch to prevent the automatic registration logic.
It will always try to register the server from TComServer.Initialize unless the startup parameter is /UNREGSERVER, which will remove the registry settings. If the startup parameter is /REGSERVER you will get an exception if the registration failed; otherwise it will just swallow the exception. Automatic registration of out-proc COM servers has been removed in later versions of Delphi. The only option you have to remove this behavior in Delphi 6 is to modify TComServer.Initialize to only register the server when FStartMode is smRegServer or smUnregServer.

Delphi DataSnap SocketServer "Failed to create key 211"

If I try to terminate the Borland SocketServer application for Delphi 2009 the message above appears.
The application window remains open and I can only terminate the application in the task manager.
Operating system is Windows 2000 Professional SP4
The same error also occurs with the Delphi 2007 version of scktsrvr
scktsrvr attempts to store its settings under HKEY_LOCAL_MACHINE\SOFTWARE\Borland\Socket Server registry key which probably fails under a limited user account. Try running it as administrator, or as a service.
Edit: you can also modify it to use HKEY_CURRENT_USER, for example. It comes with source code.
Run the SocketServer as a service, and add the proper permission to the registry key the service user needs to set. Remember that the user you use to run the SocketServer is important. The server acts like a proxy, and in turn calls the DCOM server that implements the remote server. Unless changed, the user of the connecting process is used for DCOM security, thereby you have to ensure the right user is used, or you may lead to big vulnerabilities.

Logging all yellow screens of death, even when it's a compilation problem

Earlier today we experienced a YSOD on one of our MVC sites running on IIS on Windows Server 2003.
Usually, these are reported via e-mail using ELMAH (using this setup), but since this was a compilation issue (of some sort), it did not get reported via e-mail.
The specific error was:
"The directory 'App_GlobalResources'
is not allowed because the application
is precompiled."
This is a major problem, since a potential customer could notice the problem before we do. How can we make sure these YSODs are logged, when the exception handler on the site is not called?
It is possible to monitor the event log with VBScript. You could then email this when it occurs:
Here's an example:
http://www.microsoft.com/technet/scriptcenter/resources/qanda/feb07/hey0226.mspx
and email from VBScript:
http://www.paulsadowski.com/WSH/cdo.htm
You could do this with PowerShell and/or another .NET app on the box also.
If you can, check the event viewer on that machine. This is the logger of last resort on a Windows machine.
