473,320 Members | 2,020 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

problems starting a Network service

Hi,
I have a service written in c# that I need to run as a "Network
Service". I am using a setup project to install the service.
If I install the service in User's Personal Folder, I get the following
error:
"Could not start the <servicenameservice on Local Computer. Error 5:
Access is denied."

If I install the service in ProgramFiles folder, I get the following
error:
"The <servicenameservice on Local Computer started and then stopped.
Some services stop automatically if they have no work to do"

The service runs fine under the "Local System" account.

Jan 2 '07 #1
16 5546
Well, have you tried getting your service to tell you what is wrong?
perhaps catch some exceptions and log the real error to the event log?
It would also help to know what your service is attempting to do...
for instance, if it is trying to log onto a protected resource using
the NT identity, then note that it will be using the *computer*
identity (via "network service"), and not the identity of any user. If
you need protected access, one option is to run as a specific user.

Marc
Jan 2 '07 #2

Marc Gravell wrote:
Well, have you tried getting your service to tell you what is wrong?
perhaps catch some exceptions and log the real error to the event log?
It would also help to know what your service is attempting to do...
for instance, if it is trying to log onto a protected resource using
the NT identity, then note that it will be using the *computer*
identity (via "network service"), and not the identity of any user. If
you need protected access, one option is to run as a specific user.

Marc
Hi Marc,
I gave the exception handler. The exception caught is
InvalidOperationException if the service is installed in user's
Personal folder. If the service is installed in Program Files folder,
then the exception caught is TimeOutException.
I tried to start the service from the Service Controller Manager. The
behavior is the same.
Thanks for the response

Jan 2 '07 #3
You haven't really indicated what your service might be attempting to
do... if you are (as you suggest) successfully catching exceptions in
your managed code, then some clue as to what the exception handler
*surrounds* will probably tell you what isn't working...

Marc
Jan 2 '07 #4
Hi,

"sunil" <sa**********@gmail.comwrote in message
news:11**********************@a3g2000cwd.googlegro ups.com...
Hi Marc,
I gave the exception handler. The exception caught is
InvalidOperationException if the service is installed in user's
Personal folder.
Well this is pretty evidend, you are not installing it under an user account
but under network service.
>If the service is installed in Program Files folder,
then the exception caught is TimeOutException.
I tried to start the service from the Service Controller Manager. The
behavior is the same.
Can you post some code? at least the code you use in the onStart method
--
Ignacio Machin
machin AT laceupsolutions com
Jan 2 '07 #5

Marc Gravell wrote:
You haven't really indicated what your service might be attempting to
do... if you are (as you suggest) successfully catching exceptions in
your managed code, then some clue as to what the exception handler
*surrounds* will probably tell you what isn't working...

Marc
Hi Marc,
In the onstart() method, I am trying to open a configuration file(XML
file) and then based on the content of the files, I initialize few
things. I am not accessing any other resource other than the
configuration file
May be, I can understand the reason for the failure in the case where I
installed the service in user's personal data folder(access denied is
being thrown).
But if the service is to be installed in program files folder, why is
it that the error is thrown
Thanks for the response

Jan 2 '07 #6
"sunil" <sa**********@gmail.comwrote in message
news:11**********************@n51g2000cwc.googlegr oups.com...
>
Marc Gravell wrote:
>You haven't really indicated what your service might be attempting to
do... if you are (as you suggest) successfully catching exceptions in
your managed code, then some clue as to what the exception handler
*surrounds* will probably tell you what isn't working...

Marc

Hi Marc,
In the onstart() method, I am trying to open a configuration file(XML
file) and then based on the content of the files, I initialize few
things. I am not accessing any other resource other than the
configuration file
May be, I can understand the reason for the failure in the case where I
installed the service in user's personal data folder(access denied is
being thrown).
But if the service is to be installed in program files folder, why is
it that the error is thrown
Thanks for the response
OnStart has to start a "service thread" and return within 30 seconds. As far as I
understand, your service is not a service, actually it does nothing else than reading a file
and block or simply return from OnStart. When it blocks, the SCM will time-out, when it
returns whithout having a service thread running it will stop with this :
error:
"The <servicenameservice on Local Computer started and then stopped.
Some services stop automatically if they have no work to do"

Willy.

Jan 2 '07 #7

Hi all,
thanks everybody for giving such valuable inputs.
I have noticed that, if I install the network service in ProgramFiles
folder, the application log entry showed:
Service cannot be started. System.UnauthorizedAccessException: Access
to the path 'C:\Program Files\MyService\error.txt' is denied.
Actually what I am doing is to write to a text file, that the
configuration file is loaded. If the text file is not there, I create
it. I think this is where the error occurs.
I tried to create the text file before installing the service, and gave
full control to Users group manually, then there is no problem at all.
The service started successfully.
Basing on this, how can I create a text file,if it does not exist, and
give write permissions to Users group from my program

Thanks once again for the help

Jan 3 '07 #8
"sunil" <sa**********@gmail.comwrote in message
news:11**********************@k21g2000cwa.googlegr oups.com...
>
Hi all,
thanks everybody for giving such valuable inputs.
I have noticed that, if I install the network service in ProgramFiles
folder, the application log entry showed:
Service cannot be started. System.UnauthorizedAccessException: Access
to the path 'C:\Program Files\MyService\error.txt' is denied.
Actually what I am doing is to write to a text file, that the
configuration file is loaded. If the text file is not there, I create
it. I think this is where the error occurs.
I tried to create the text file before installing the service, and gave
full control to Users group manually, then there is no problem at all.
The service started successfully.
Basing on this, how can I create a text file,if it does not exist, and
give write permissions to Users group from my program

Thanks once again for the help

The "local service" account has no write access privileges to the "program files" and it's
sub-dirs, so you'll have to grant Write access privileges for "local service" to 'C:\Program
Files\MyService before you can create files into this path.

Willy.
Jan 3 '07 #9
>
The "local service" account has no write access privileges to the "program files" and it's
sub-dirs, so you'll have to grant Write access privileges for "local service" to 'C:\Program
Files\MyService before you can create files into this path.

Willy.

Hi,
can you tell me how to do it? or may be direct me to some articles
which discuss it
thanks for the help

Jan 3 '07 #10
"sunil" <sa**********@gmail.comwrote in message
news:11**********************@42g2000cwt.googlegro ups.com...
>
>>
The "local service" account has no write access privileges to the "program files" and
it's
sub-dirs, so you'll have to grant Write access privileges for "local service" to
'C:\Program
Files\MyService before you can create files into this path.

Willy.


Hi,
can you tell me how to do it? or may be direct me to some articles
which discuss it
thanks for the help

The easiest is by running the cacls.exe command-line tool.
Running this:
cacls "C:\Program Files\MyService" /E /G "nt authority\network service:W"
will edit the ACE and add write perms. to network service to the folder "C:\Program
Files\MyService".

run help cacls to see all options.

Willy.

Jan 3 '07 #11
The easiest is by running the cacls.exe command-line tool.
Running this:
cacls "C:\Program Files\MyService" /E /G "nt authority\network service:W"
will edit the ACE and add write perms. to network service to the folder "C:\Program
Files\MyService".

run help cacls to see all options.

Willy.
Hi,
I tried that from my command-line, changed the access list and then
started my service. It worked great.
But since I do not know what will be the installation folder
beforehand, I have to change the access list from my program. How do I
do this? I have tried using:

Process myProcess = new Process();
myProcess.StartInfo.FileName = "cacls.exe";
myProcess.StartInfo.Arguments = @"C:\Program Files\MyService" + "/E /G"
+
@"nt
authority\network service:W";
myProcess.Start();
myProcess.WaitForExit();

But this doesn't seem to change the access list. please help me
thanks for the valuable time you have spent for me

Jan 4 '07 #12
The easiest is by running the cacls.exe command-line tool.
Running this:
cacls "C:\Program Files\MyService" /E /G "nt authority\network service:W"
will edit the ACE and add write perms. to network service to the folder "C:\Program
Files\MyService".

run help cacls to see all options.

Willy.
Hi,
I tried that from my command-line, changed the access list and then
started my service. It worked great.
But since I do not know what will be the installation folder
beforehand, I have to change the access list from my program. How do I
do this? I have tried using:

Process myProcess = new Process();
myProcess.StartInfo.FileName = "cacls.exe";
myProcess.StartInfo.Arguments = @"C:\Program Files\MyService" + "/E /G
"
+ @"nt authority\network service:W";
myProcess.StartInfo.UseShellExecute = false;
myProcess.StartInfo.RedirectStandardOutput = true;
myProcess.Start();
EventLog.WriteEntry(sSource, myProcess.StandardOutput.ReadToEnd());
myProcess.WaitForExit();

There seems to be a problem. From my application log, I found out that
it is waiting for my reply.
The response written is:Are you sure(y/n)?
How can I send an answer as "y" from my program.
please help me
thanks for the valuable time you have spent for me

Jan 4 '07 #13
"sunil" <sa**********@gmail.comwrote in message
news:11**********************@31g2000cwt.googlegro ups.com...
>
>The easiest is by running the cacls.exe command-line tool.
Running this:
cacls "C:\Program Files\MyService" /E /G "nt authority\network service:W"
will edit the ACE and add write perms. to network service to the folder "C:\Program
Files\MyService".

run help cacls to see all options.

Willy.

Hi,
I tried that from my command-line, changed the access list and then
started my service. It worked great.
But since I do not know what will be the installation folder
beforehand, I have to change the access list from my program. How do I
do this? I have tried using:

Process myProcess = new Process();
myProcess.StartInfo.FileName = "cacls.exe";
myProcess.StartInfo.Arguments = @"C:\Program Files\MyService" + "/E /G
"
+ @"nt authority\network service:W";
myProcess.StartInfo.UseShellExecute = false;
myProcess.StartInfo.RedirectStandardOutput = true;
myProcess.Start();
EventLog.WriteEntry(sSource, myProcess.StandardOutput.ReadToEnd());
myProcess.WaitForExit();

There seems to be a problem. From my application log, I found out that
it is waiting for my reply.
The response written is:Are you sure(y/n)?
How can I send an answer as "y" from my program.
please help me
thanks for the valuable time you have spent for me

Well you could redirect stdin and send it a "y" followed by a return, but I hate this idea,
simply because you need a user to interpret the real question.
Much better is do it using the V2 System.Security.AccessControl namespace.
Following is how you could proceed.....

using System.Security.AccessControl;
....

string authority = "nt authority";
string account= "network service";
string path = @"c:\program files\...............";
string identity = String.Format(@"{0}\{1}",
authority , account);
DirectoryInfo di = new DirectoryInfo(path);
DirectorySecurity ds = di.GetAccessControl(AccessControlSections.All);
FileSystemAccessRule fsaRule =
new FileSystemAccessRule(identity , FileSystemRights.Write,
AccessControlType.Allow);
ds.AddAccessRule(fsaRule);
di.SetAccessControl(ds);
....

Willy.
Jan 4 '07 #14
>
Well you could redirect stdin and send it a "y" followed by a return, but I hate this idea,
simply because you need a user to interpret the real question.
Much better is do it using the V2 System.Security.AccessControl namespace.
Following is how you could proceed.....

using System.Security.AccessControl;
...

string authority = "nt authority";
string account= "network service";
string path = @"c:\program files\...............";
string identity = String.Format(@"{0}\{1}",
authority , account);
DirectoryInfo di = new DirectoryInfo(path);
DirectorySecurity ds = di.GetAccessControl(AccessControlSections.All);
FileSystemAccessRule fsaRule =
new FileSystemAccessRule(identity , FileSystemRights.Write,
AccessControlType.Allow);
ds.AddAccessRule(fsaRule);
di.SetAccessControl(ds);
...

Willy.
Hi,
I had tried out the second suggestion that you have made. It didn't
work out for me.The stack trace is:
Service cannot be started.
System.Security.AccessControl.PrivilegeNotHeldExce ption: The process
does not possess the 'SeSecurityPrivilege' privilege which is required
for this operation.
at System.Security.AccessControl.Win32.GetSecurityInf o(ResourceType
resourceType, String name, SafeHandle handle, AccessControlSections
accessControlSections, RawSecurityDescriptor& resultSd)
at
System.Security.AccessControl.NativeObjectSecurity .CreateInternal(ResourceType
resourceType, Boolean isContainer, String name, SafeHandle handle,
AccessControlSections includeSections, Boolean createByName,
ExceptionFromErrorCode exceptionFromErrorCode, Object exceptionContext)
at System.Security.AccessControl.FileSystemSecurity.. ctor(Boolean
isContainer, String name, AccessControlSections includeSections,
Boolean isDirectory)
at System.Security.AccessControl.DirectorySecurity..c tor(String
name, AccessControlSections includeSections)
at System.IO.DirectoryInfo.GetAccessControl(AccessCon trolSections
includeSections)
For the first suggestion that you have given, I had redirected the
standard input and passed a "y", but the service never entered
"running" state. It is always in StartPending state.
Also the eventlog entries are not being written properly(only the first
one is written)

Process myProcess = new Process();
string accountName = "\"nt authority\\network service\":F";
string argument = '"' +
Directory.GetParent(Assembly.GetExecutingAssembly( ).Location).FullName
+ '"' + @"/E" + @" /G " + accountName;
myProcess.StartInfo.FileName = "cacls";
myProcess.StartInfo.Arguments = argument;
EventLog.WriteEntry(sSource, argument);
myProcess.StartInfo.UseShellExecute = false;
myProcess.StartInfo.RedirectStandardOutput = true;
myProcess.StartInfo.RedirectStandardInput = true;
myProcess.StartInfo.RedirectStandardError = true;

myProcess.StartInfo.CreateNoWindow = true;
myProcess.Start();
EventLog.WriteEntry(sSource,
myProcess.StandardOutput.ReadToEnd());

myProcess.StandardInput.WriteLine("y");
EventLog.WriteEntry(sSource,
myProcess.StandardOutput.ReadToEnd());
EventLog.WriteEntry(sSource,
myProcess.StandardError.ReadToEnd());

myProcess.WaitForExit();

EventLog.WriteEntry(sSource,"Changed the Access Control
list");

service never seemed to have started successfully.
Thanks for all the help and valuable insights you have given me.

Jan 5 '07 #15
"sunil" <sa**********@gmail.comwrote in message
news:11*********************@11g2000cwr.googlegrou ps.com...
>
>>
Well you could redirect stdin and send it a "y" followed by a return, but I hate this
idea,
simply because you need a user to interpret the real question.
Much better is do it using the V2 System.Security.AccessControl namespace.
Following is how you could proceed.....

using System.Security.AccessControl;
...

string authority = "nt authority";
string account= "network service";
string path = @"c:\program files\...............";
string identity = String.Format(@"{0}\{1}",
authority , account);
DirectoryInfo di = new DirectoryInfo(path);
DirectorySecurity ds = di.GetAccessControl(AccessControlSections.All);
FileSystemAccessRule fsaRule =
new FileSystemAccessRule(identity , FileSystemRights.Write,
AccessControlType.Allow);
ds.AddAccessRule(fsaRule);
di.SetAccessControl(ds);
...

Willy.

Hi,
I had tried out the second suggestion that you have made. It didn't
work out for me.The stack trace is:
Service cannot be started.
System.Security.AccessControl.PrivilegeNotHeldExce ption: The process
does not possess the 'SeSecurityPrivilege' privilege which is required
for this operation.
at System.Security.AccessControl.Win32.GetSecurityInf o(ResourceType
resourceType, String name, SafeHandle handle, AccessControlSections
accessControlSections, RawSecurityDescriptor& resultSd)
at
System.Security.AccessControl.NativeObjectSecurity .CreateInternal(ResourceType
resourceType, Boolean isContainer, String name, SafeHandle handle,
AccessControlSections includeSections, Boolean createByName,
ExceptionFromErrorCode exceptionFromErrorCode, Object exceptionContext)
at System.Security.AccessControl.FileSystemSecurity.. ctor(Boolean
isContainer, String name, AccessControlSections includeSections,
Boolean isDirectory)
at System.Security.AccessControl.DirectorySecurity..c tor(String
name, AccessControlSections includeSections)
at System.IO.DirectoryInfo.GetAccessControl(AccessCon trolSections
includeSections)
For the first suggestion that you have given, I had redirected the
standard input and passed a "y", but the service never entered
"running" state. It is always in StartPending state.
Also the eventlog entries are not being written properly(only the first
one is written)

Process myProcess = new Process();
string accountName = "\"nt authority\\network service\":F";
string argument = '"' +
Directory.GetParent(Assembly.GetExecutingAssembly( ).Location).FullName
+ '"' + @"/E" + @" /G " + accountName;
myProcess.StartInfo.FileName = "cacls";
myProcess.StartInfo.Arguments = argument;
EventLog.WriteEntry(sSource, argument);
myProcess.StartInfo.UseShellExecute = false;
myProcess.StartInfo.RedirectStandardOutput = true;
myProcess.StartInfo.RedirectStandardInput = true;
myProcess.StartInfo.RedirectStandardError = true;

myProcess.StartInfo.CreateNoWindow = true;
myProcess.Start();
EventLog.WriteEntry(sSource,
myProcess.StandardOutput.ReadToEnd());

myProcess.StandardInput.WriteLine("y");
EventLog.WriteEntry(sSource,
myProcess.StandardOutput.ReadToEnd());
EventLog.WriteEntry(sSource,
myProcess.StandardError.ReadToEnd());

myProcess.WaitForExit();

EventLog.WriteEntry(sSource,"Changed the Access Control
list");

service never seemed to have started successfully.
Thanks for all the help and valuable insights you have given me.


But you can't do this from your service, this is something that should be done from the
service "installer". Your service runs as a non privileged user 'network service" and you
try to execute commands only allowed by administrators. Services should NEVER EVER consider
having these privileges.

Willy.
Jan 5 '07 #16
>
But you can't do this from your service, this is something that should be done from the
service "installer". Your service runs as a non privileged user 'network service" and you
try to execute commands only allowed by administrators. Services should NEVER EVER consider
having these privileges.

Willy.
Hi,
Thank you for all the help. I have learned lot of things from these
conversations. I have made a huge progress.
I have added the following code to the ProjectInstaller.cs:

string authority = "nt authority";
string account = "network service";
string identity = String.Format(@"{0}\{1}", authority, account);

DirectoryInfo di = new DirectoryInfo(@"C:\Program Files\MyService");
DirectorySecurity ds = di.GetAccessControl(AccessControlSections.All);
FileSystemAccessRule fsaRule =
new FileSystemAccessRule(identity,
FileSystemRights.Write,

AccessControlType.Allow);
ds.AddAccessRule(fsaRule);
di.SetAccessControl(ds);

And it works now successfully.But I have a small question regarding the
path.
As you can see, the path that I gave(which is the default installation
folder) is complete path. But if the users installs the service at
different location, then I have a problem. I have to give permissions
to "that" folder. How do I do this?

One more question :Since only admins can change the security settings,
how do I specify that admin privileges are required to install the
application.
Thank you

Jan 6 '07 #17

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

8
by: Marc Hoeve | last post by:
Hi everybody I'm setting up 2 websites for a friend of mine, en I'm have problems with one of the sites. The situation: I have 2 different domains (both in the .NL domain). Both domains...
0
by: pillbug22 | last post by:
Hi everyone I am trying to write a fairly simple VB.NET service (use a timer to poll a network location for a file, if file exists, send message) The service correctly start, stops, runs the...
5
by: Scott | last post by:
I have a customer that had developed an Access97 application to track their business information. The application grew significantly and they used the Upsizing Wizard to move the tables to SQL...
5
by: Van Nguyen via DotNetMonster.com | last post by:
My app run at 2 modes: Windows and Service. At Windows mode, my app works fine but at service mode, I can not use CreateDirectory command to create a new directory on server. Ex:...
1
by: Astera | last post by:
I seem to be having a problem using web parts after the beta 2 release. Any time I try to have the WebPartManager on any page, I get the exception listed below. I've gone through the steps listed...
4
by: Nijazi Halimaji | last post by:
Hi newsgroup I have some problems with my service which is using ODBC-Connections. My service is executed as a local system (I tried already every other account type, even the domain-admin) ...
8
by: Kevin D. | last post by:
Please note, I already posted this on the MySQL official forum, but received no response. I thought I'd try again in another location. My apologies to anyone reading this twice... Despite...
8
by: Mike Owen | last post by:
Hi, I am using the following code to send email on a Windows 2003 Web Server: Imports System.Net.Mail ........ Dim msgmail As New MailMessage msgmail.To.Add(New...
3
by: Earl Anderson | last post by:
One of the users in our departmental db has Read/Write permissions to a particular form. He was able to access and edit the form at will until 2 weeks ago. His current problem was that he was not...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.