Ureader.com  
Microsoft software help and Community
   home   |   control panel login   |   archive   |  
 
DotNet
acad.assignment.mngr
academic
adonet
aspnet
aspnet.announcements
aspnet.build.controls
aspnet.caching
aspnet.datagridcontrol
aspnet.mobile
aspnet.security
aspnet.webcontrols
aspnet.webservices
clr
compactframework
component_services
datatools
distributed_apps
drawing
faqs
framework
framework.wmi
general
internationalization
interop
languages.csharp
languages.jscript
languages.vb
languages.vb.controls
languages.vb.data
languages.vb.upgrade
languages.vc
languages.vc.libraries
myservices
odbcnet
performance
remoting
scripting
sdk
security
setup
vjsharp
vsa
webservi.enhancements
webservices
windowsforms
windowsforms.controls
winforms.databinding
winforms.designtime
xml
  
 
date: Wed, 7 May 2008 22:05:00 -0700,    group: microsoft.public.dotnet.security        back       


Trouble running .Net Service as LocalSystem    
I have a C++ .Net Windows Service application that is deployed at several 
customer sites.  The application starts, and works perfectly at all of the 
sites, except one.  At one site the service will not start.  They are running 
a Windows 2003 server.  The error message is “Error 1053: The service did not 
respond to the start or control request in a timely fashion”.

However, the service will start if I change the “Log on” account property 
from LocalSystem to the Admin account.  This is the only site that I have to 
run the application under the Admin account.  The customer does not want to 
run the service using the Admin account.

In addition, a native C++ service application starts with no problems.  I am 
guessing it is a .Net security setting.  This site is more secure than the 
others, so I believe they may have changed some settings on the server.  

Is there a particular security setting that I need to update in order to get 
the service to run as LocalSystem?
date: Wed, 7 May 2008 22:05:00 -0700   author:   gallan am

RE: Trouble running .Net Service as LocalSystem    
Update to my question:

The application is signed with a Verisign ID.  It appears that if we run an 
unsigned version of the application, the application starts and runs fine.  
The server with the problem is behind a proxy server.

We would like to continue signing our code.  Is there something we can 
update to fix this problem?
date: Fri, 9 May 2008 07:47:00 -0700   author:   gallan am

RE: Trouble running .Net Service as LocalSystem    
=?Utf-8?B?Z2FsbGFu?= <gallan@newsgroups.nospam> wrote in
news:622458D4-455F-47A8-9D47-14263D198BC8@microsoft.com: 

> The application is signed with a Verisign ID.  It appears that if we
> run an unsigned version of the application, the application starts and
> runs fine.  The server with the problem is behind a proxy server.

To determine whether the Authenticode signature is valid, the system needs 
to contact a Certificate Revocation List server.

I guess LocalSystem doesn't have access to that CRL server (due to the 
proxy, or for another reason). In that case assembly loading is delayed, 
causing your service to exceed its allotted startup time.

If you're on .NET 3.5, <generatePublisherEvidence> may come to the rescue 
(http://msdn.microsoft.com/en-us/library/bb629393.aspx).
Otherwise, I would suggest looking into proxy permissions for LocalSystem. 
I think you can also disable CRL checking, but that's probably not a good 
idea for LocalSystem...

-- 
Arnout.
date: Fri, 09 May 2008 08:53:20 -0700   author:   Arnout Grootveld am

RE: Trouble running .Net Service as LocalSystem    
Nothing like following up to your own posts, but hey...

>> The application is signed with a Verisign ID.  It appears that if we
>> run an unsigned version of the application, the application starts
>> and runs fine.  The server with the problem is behind a proxy server.
> 
> To determine whether the Authenticode signature is valid, the system
> needs to contact a Certificate Revocation List server.
> 
> I guess LocalSystem doesn't have access to that CRL server (due to the
> proxy, or for another reason). In that case assembly loading is
> delayed, causing your service to exceed its allotted startup time.
> 
> If you're on .NET 3.5, <generatePublisherEvidence> may come to the
> rescue (http://msdn.microsoft.com/en-us/library/bb629393.aspx).
> Otherwise, I would suggest looking into proxy permissions for
> LocalSystem. I think you can also disable CRL checking, but that's
> probably not a good idea for LocalSystem...

I just found out that support for <generatePublisherEvidence> is also 
available as a hotfix for 2.0 (http://support.microsoft.com/kb/936707), and 
is part of 2.0 SP1.

-- 
Arnout.
date: Tue, 13 May 2008 12:09:54 -0700   author:   Arnout Grootveld am

RE: Trouble running .Net Service as LocalSystem    
Thanks for your help.  In addition to having a secure environment, this 
client also has three meetings before performing one test, so things take a 
while.

You put me on the right path.  I found this article about signed components 
failing when there is no network connectivity.  It seems that the Service 
Manager does not allow enough time for the Authenticode code to timeout.  
After increasing the timeout value, we were able to start the service.

http://support.microsoft.com/kb/941990
date: Sun, 18 May 2008 19:49:00 -0700   author:   gallan am

Google
 
Web ureader.com


    COPYRIGHT 2007, YARDI TECHNOLOGY LIMITED, ALL RIGHT RESERVE  |   contact us