I've a website that puts info into a mySQL database and a windows service (written in VB.Net) that polls the db and actions what's in there.
However, occasionally it stalls and rather than having to RDP into the server, I want superusers to click on a button to restart the service.
I can get the button to say, do a directory listing of c:\ output to a test file so the whole 'getting a command to execute on a remote server' issue works. However, I can't restart services.
I assume this is a security thing (although it has full rights to c:\ I thought I'd sussed that already).
The website runs under the normal IUSR_user so am I doing something really stupid or can someone explain how to get the service to be restarted ?
Many thanks
Adrian
I think a significantly bigger problem is that you have a service that's stalling. Do you have any logs or errors that the service outputs to that you could use to diagnose why it's stalling?
I'd write a service that restarts selected services and call that from my website, just for fun!
It seems that you need to give the user permissions on the specific service. The simplest way to do this (in my view) is to use subinacl.exe from the Windows Resource Kit.
subinacl.exe /service MySQL /Grant=IUSR_user
I'm would be very careful when doing this on a public-facing web server. Have both authentication and rate limiting on the restarting code.
Use the ServiceController class:
http://msdn.microsoft.com/en-us/library/system.serviceprocess.servicecontroller.aspx
This should allow you to connect to the named service and stop/start it.
EDIT:
In addition, you probably need to have your web app impersonate a user with rights to restart the service. This can be accomplished via an identity impersonate in the web.config, or running the web app in a configured application pool in IIS. Keep in mind that the web app will have to run on the same box as the service is running on.
Related
I have a desktop application should behave differently depending on if an optional service is running. I was using the service control manager to check if the service was registered, and if so, whether or not it was running. This worked well until I realized that this seems to require the desktop application to run as administrator.
What would be the best way of checking these conditions (registered and running) in my desktop application, without requiring administrative rights?
You do not need admin rights to query the SCM for service information.
Call OpenSCManager() requesting SC_MANAGER_CONNECT access, then call OpenService() requesting SERVICE_QUERY_STATUS access. That will tell you if the service is installed or not. If so, then call QueryServiceStatus() to find out if it is running or not.
As I'm more familiar with the C# side, I'm not sure if there's a formal API for doing this in C++ that doesn't require some form of elevated privileges. That said, a couple of alternatives come to mind.
You could have your service open a server socket and listen on the localhost address (127.0.0.1) on a specific port. When your application starts running, it would connect to this address. If the connection succeeded, your service is running.
Another option would be to have your service create a named, system-level mutex when it starts running and close it when the service closes. Your application could check to see if the mutex exists. If it does, your service is running.
HTH
I'm trying to run a simple ASP.NET application with basic authentication on an IIS server. Interestingly, the authentication works fine on almost all servers except my production server. When I deploy the application on that machine, it keeps prompting me over and over for the credentials. Unfortunately, it is a lab machine that I don't have access to and I'm not able to view the logs either.
It's an IIS 7.5 server running on a Windows 2008 VM server I guess, and the content folder (where the default app is pointing to) is on shared with us (we have write access to that folder and that's how we are deploying our applications).
Outside authentication settings on the server, what other things could be causing the issue? Please advise.
Most probably this is a access permission to resources used by the web application.
The reason you see this repeatedly login prompt is that the account doesn't have the needed permissions.
First you have to determine if you are using impersonation or not.
If you do impersonate, the authenticated accounts need the necessary permissions.
If you don't impersonate, the application pool account needs the necessary permissions.
So what's the needed permissions?
Well, that could be a lot of things, and we don't know the details of your application.
Do you connect to a database?
Then you have to make sure that current account context has the right permissions to connect to the DB.
Do you read images/files from disk?
Then you have to make sure that current account context has the right permissions to access those resources.
If it is file resources that you are accessing, I would recommend you to use Fiddler and determine which path(s) you'll need to address. It will tell you by those 404 errors.
EDIT: Make sure that your app pool account has the needed permissions for this DLL you mention. Where does it fetch this list from? Is it static in the DLL? Where's this DLL located?
Please also check the event logs on the server for any related errors at the time you try to logon.
I have a service that logs in as a specific user. The service works great when the user logs in, but won't start until they do so. Is there some kind of a setting I am missing?
This is running on a Windows 7 Ultimate box.
The user is an administrator of the box and the service is set to automatically start.
No errors are in the application log, and the service runs like a champ once the user logs in (without having them start it).
Does the user have privileges to start Windows Services (the user policy)? You can try using ntrights.exe to make sure that he does. Also, can you start the service from Services.msc when logged in another account?
I think this is a privileges problem. Either the service login information is incorrect or the user cannot start services.
This was a fun one, but I figured it out this morning.
The issue is that the server was a clean Windows 7 Ultimate install. That means the power management functionality was set to default which causes the machine to power down after 30 minutes, hence the service would stop running. Fixed the power management settings to never sleep and running like a champ.
Thanks for the input folks.
What are the business reasons (advantages/disadvantages) of running a websphere 6.1 App server as a windows service? I mean what are the factors governing this decision?
The other thing I notice is that when I restart the service...and I click something on the admin console, it does n't give me the login page. What is happening here?
You should give this article a read:
http://www.ibm.com/developerworks/websphere/techjournal/1010_supauth/1010_supauth.html
Can you elaborate on the restarting the service and not receiving the login page issue. I am not sure i understand your query here.
What happens when you click on the console after restarting?
HTH
Manglu
To my knowledge - the main reason for choosing to run WebSphere as a Windows Service is that whenever the server goes down for whatever reason, and then is restarted, if not running WebSphere as a service you will need to actually log on to the server and manually start WebSphere. (startServer.bat, startManager.bat, startNode.bat etc).
So for any environment where uptime is an issue on the Windows platform, choose windows service. If you are just installing a development/test environment...not needed.
I have a Windows service written using Topshelf. I'm trying to configure it to run using a Windows account with restricted privileges rather than using LocalSystem. That's also necessary as I'd like to connect to a database using integrated authentication.
The service works when run as LocalSystem (albeit with a database connection string containing credentials) and running the console application as my limited account (using runas) also works.
However, when I try to start the service the service control manager times out waiting for a response:
The service did not respond to the start or control request in a timely fashion.
I also get the following in the Application Popup event log:
Application Error : The exception unknown software exception (0xc06d007e) occurred in the application at location 0x77e4bef7.
The first thing that the application does is writes to a log file but it doesn't reach that when I start the service. The logging works if I run via the console.
Any suggestions what I might be missing or what I might try next?
This problem seems to be related to the server (a domain controller) rather than TopShelf. A service built with the .NET service component also exhibits the same behaviour.
The service runs successfully on a different machine (in the same domain).
Unfortunately this doesn't help diagnose the problem but gives me an acceptable workaround.
Check the MSDN article Debugging windows services which describes how you debug windows services.
I've just started seeing this on a few of my services written in .net 2.0. They'll start fine when the server boots, but if I were to restart them throughout the day, they would not start, and give this error message.
They currently ran under a domain account which has admin rights on the box, but for kicks, I switched it to Local System, and the service started normally. I stopped it, changed it back to the domain account (reentering the password), and it started normally again as expected.
Don't know if this counts as a 'fix' so much, but that's what worked for me.