I have getting the above error when i try to start wcf service hosted in windows service. i am using net.tcp binding with port sharing and have updated the SMSSvcHost.exe.config with the correct SID. What else I could be missing which is casuing this error
i noticed on other forums people suggsting rebooting the server and running the service under admin account. don't know how relevant these suggestions are.
the issue was casued by installtion of .NET Framework 4.0. It upgared net.tcp port sharing as well.
I ran into the same issue. My solution is grant Administrative right to the application by adding app.manifest file and use this file in the project properties, manifest field. If I am running in Visual Studio, I need to run VS in administrative mode.
That is kind of sucks. I am wondering others have a different solution to this.
Running Visual Studio as Administrator worked for me
Related
I have been trying to browse a website run under IIS Express VS2019 from another computer on the same network. I see the following error.
Bad Request - Invalid Hostname
I found several discussions where people suggested adding bindings and I did try adding so many different bindings in applicationhost.config with specific hostname, IP, hostname+ip, wildcards. When I add any binding or modify the existing localhost binding VS 2019 start giving me the following error
Unable to connect to web server 'IIS Express'
I am running VS2019 as an admin. What else I am missing?
Here is what I discovered. I do not have admin privileges on my local PC. Our sysadmin had created a shortcut for me which launches VS2019 as an admin. However, the VS was still not run as elevated Admin privileges. Turns out, you need to be an admin, and you must right-click the VS2019 shortcut and choose Run As Administrator with a shield and say Yes to the warning. The shortcut wasn't doing none of that. Now my custom IIS Express bindings are picked up from applicationhost.config without any issue.
I've created a WCF service in Sharepoint 2013 and it works great on our dev server. However, we now need to push it onto a production server and I can't seem to find any instructions on how to publish to another server.
I followed a tutorial very similar to this one:
http://www.robertseso.com/2013/05/adding-custom-wcf-services-to.html
In development, but it doesn't cover actual deployment. As per this (and other) tutorials, I deployed as a "farm" solution. If I go to "publish" in Visual Studio the option to "Pubish to SharePoint Site (Sandboxed solutions only)" is grayed out.
After a lot of searching around, I was able to piece together an answer. So in case anybody else encounters the same problem:
In Visual Studio, when you go to "Build" and "Publish..." you can "Publish to File System" (the Publish to SharePoint Site being grayed out as noted in the question). What this does is produce a .wsp file that is you packaged install file you need.
Transfer this file to your target SharePoint server and then open SharePoint Management Shell (as administrator). A list of available cmdlets can be found here:
http://technet.microsoft.com/en-us/library/ff678226%28v=office.15%29.aspx
I used:
Add-SPSolution -LiteralPath c:\<path to wsp file>\myservice.wsp
This adds the solution to Sharepoint but doesn't install it. To install you need:
Install-SPSolution -Identity myservice.wsp -GACDeployment
Note, however, that this will give you an error if the Sharepoint Administrator service isn't running (so check in services.msc first)
This add the installation job to a timer to be run at some point. You can check the status with:
GetSPSolution
Which will list all the solutions, or you can pass a name to if you want to only see the one you just installed. This will show you the "Deployed" status of the service. In my case, it was stuck of False and even after several minutes refused to do anything.
In my case, this problem was solved by going back into services and restarting both SharePoint Timer Service and SharePoint Adminstrator after which is magically showed deployed as True.
BLUF
Our application is attempting to write a file to a UNC folder using an ASP.NET web service running under .NET 4.5, IIS 7.5, and Windows Server 2008 R2. However, any attempt to write the file to the desired location results in an access denied exception.
The task seems simple however me and my team have been troubleshooting this for a while now and we are stumped as to what may be causing the error. Below are the details of our setup and what we have tried and found so far. Names have been changed to protect the innocent.
Environment Setup
The web server, mywebserver, has a website named My.Site.Com with a corresponding application pool named My.Site.Com. The application pool is configured as shown below.
.NET Framework Version : v4.0
Enable 32-bit Applications : False
Managed Pipeline Mode : Integrated
Name : My.Site.Com
Identity : ApplicationPoolIdentity
Load User Profile : False
The UNC path we are attempting to write to is \myotherserver\mydirectories\output where mydirectories is the actual share. On this share a domain group named mygroup-www has been granted full permissions to the share and all subfolders. The machine account (i.e., mywebserver) is a member of this mygroup-www group.
NOTE: For the moment, this UNC path actually lives on the same
machine, mywebserver. However, this will eventually be moved to a machine other
than mywebserver in our test environment and in the production environment
when that it is ready. Currently, I only have the one test environment to troubleshoot with.
The error can be replicated by executing the following code.
[WebMethod]
[ScriptMethod(UseHttpGet = false, ResponseFormat = ResponseFormat.Json)]
public string ExportReport(int reportId)
{
try
{
string output = ConfigHelper.OutputPath + "test.html"; // UNC path
string url = ConfigHelper.VirtualPath + "test.html";
string[] lines = { "Hello", "World!" };
File.WriteAllLines(output, lines); // Access Denied!
return url;
}
catch (System.Exception ex)
{
Logger.ErrorException("Error exporting report", ex);
throw;
}
}
Troubleshooting
Failed Attempts
We tried various combinations of group/user permissions on the folders (listed below). When running these tests we also ran Process Monitor. For each configuration we saw the same result. The w3wp.exe process attempted to create the file in the desired location but reported a result of ACCESS DENIED. The user of each configuration was IIS APPPOOL\My.Site.Com as expected.
Granting mydomain\mymachine$ full permissions to \myotherserver\mydirectories
Granting mydomain\mymachine$ full permissions to \myotherserver\mydirectories\output
NOTE: I have also tried modifying the code so that it would read a
simple file from \myotherserver\mydirectories\output. When
attempting to read the file, the process fails with an ACCESS DENIED
message as it did when writing the file.
Successful Attempts
We also tried several configurations that worked.
Grant the local IIS APPPOOL\My.Site.Com permissions
The first configuration to work was to grant the IIS APPPOOL\My.Site.Com full permissions to \myotherserver\mydirectories The file was successfully written however the process's user was quite unexpectedly a domain account that was set up for a web application on the same machine in another website. This remains very confusing but worked as the 'other' account also has write permissions to the share.
This won't work in production as we cannot use local accounts to grant access to networked resources but is an interesting data point nonetheless.
Change the App Pool Identity to Domain User
The second configuration that worked was to change the My.Site.Com application pool's identify to domain account that had full permissions to \myotherserver\mydirectories. This was a 'vanilla' domain account that was manually created by us. We did not capture what the user of the process was but that may be another useful data point.
This option may be possible, however it breaks away from best practices with IIS 7.5 and may not be allowed in our production environment due to fairly stringent IT policies.
Run the Site On My Development Machine
The third test was to run the site locally on my development machine, mydevmachine. My local IIS configuration is identical to mywebserver with the exception that I am running Windows 7 instead of Windows Server 2008. I granted full permissions for mydomain\mydevmachine to the \myotherserver\mydirectories and ran the application. The file was successfully written. According to Process Monitor the user for the process was correctly set to IIS APPPOOL\My.Site.Com.
Conclusion
We would like to enable write access as designed using the machine account of mywebserver. We have read ApplicationPoolIdentity user cannot modify files in shared folder in Windows Server 2008 and Permissions for Shared Folder for IIS 7 Application Pool Identity Across Domain and Application Pool Identities.
According to this information we should be able use the machine account to grant read and write access to networked resources such as the UNC path. In fact, I can do this in the desired manner when running the web site from my development machine.
There are a couple thoughts that come to mind. Perhaps there is something wrong with the machine account of the test web server. Or perhaps that 'other' software is interfering with the process somehow.
Any thoughts as to what may be causing this issue? What else should we do to troubleshoot?
Reboot your 'mywebserver'.
Marvel at the now mysteriously functional ApplicationPoolIdentity.
Install MS HotFix KB2545850 and learn the details about this bug in KB2672809 which also shows the steps to reproduce and demonstrate this apparently random problem. Direct download link here.
Speculate why Microsoft has not managed to release a normal windows update for this in the 3 years since that hotfix was published. While people still continue running into it and pulling their hair out because of this obscure problem.
Learn about the other folks who have shared and enjoyed this gift from MS that still continues to keep on giving:
IIS application using application pool identity loses primary token?
DirectoryServicesCOMException 80072020 From IIS 7.5 Site Running Under ApplicationPoolIdentity
ApplicationPoolIdentity cannot access network resources
ApplicationPoolIdentity IIS 7.5 to SQL Server 2008 R2 not working
Windows Authentication Failed when using application pool identity
IIS 7.5 stops using machine account to connect to network resource when using AppPoolIdentity
Your Windows 7 dev machine probably worked fine because it reboots more often than the server. Congrats on your very well written and thorough bug report. I rarely see that here.
I had similar problem accessing a network share using AppPoolIdentity in an ASP.NET application (access denied).
Using NetworkService account or other domain account worked but these were not the best solution.
I performed almost all the tests you did but finally found something that worked.
I figured out that the Network Service account was not used when accessing the shares, just like you did (i expected domain\machine$ account)
This worked for us:
On your IIS web site, go to Authentication and change the Anonymous Authentication item to "Application Pool Identity". It's by default set to "IUSR". This solved our problem.
Also maybe activating ASP.NET impersonation (still in Authentication menu) may help.
Thibault
I have faced same issue, I resolved by creating one domain account for each environemt (QA, STAGE, PRODUCTION). In Application pool identity I have set custom account and I used domain user for respective account. Now It gives me the ability to write and read the files from UNC Path.
I'm a beginner in WCF, but trying to improve my experience. And on the first step I faced the problem. I created the simplest WCF service. The listing of code: (all the code in one file)
using System;
using System.ServiceModel;
namespace EssentialWCF
{
[ServiceContract]
public interface IStockService
{
[OperationContract]
double GetPrice(string ticker);
}
public class StockService : IStockService
{
public double GetPrice(string ticker)
{
return 94.85;
}
}
class Service
{
static void Main(string[] args)
{
ServiceHost serviceHost = new ServiceHost(typeof(StockService),
new Uri("http://localhost:8000/HelloWCF"));
serviceHost.AddServiceEndpoint(typeof(IStockService), new BasicHttpBinding());
serviceHost.Open();
Console.WriteLine("To continue press ENTER");
serviceHost.Close();
}
}
}
That would be the service that give me a number via console. But debug give me the exception: (instead of number :) )
HTTP could not register URL http://+:8000/HelloWCF/. Your process does not have access rights to this namespace.
Have you ever faced the same situation? I will be glad to see every advice.
Unfortunately the link in the exception text, http://go.microsoft.com/fwlink/?LinkId=70353, is broken. However, it used to lead to http://msdn.microsoft.com/en-us/library/ms733768.aspx which explains how to set the permissions.
It basically informs you to use the following command:
netsh http add urlacl url=http://+:80/MyUri user=DOMAIN\user
You can get more help on the details using the help of netsh
For example: netsh http add ?
Gives help on the http add command.
I closed Visual studio IDE and reopened it by right clicking on the Visual Studio icon and saying "Run as Administrator", Then when I ran the host , It worked!!!
Right Click on Visual Studio > Run as Administrator > Open your project and run the service.
This is a privilege related issue.
The simple thing you need to do is to close your Visual Studio environment and open it again by using 'Run as administrator'. It should now run successfully.
You need some Administrator privilege to your account if your machine in local area network then you apply some administrator privilege to your User else you should start ide as Administrator...
You must give permission to your app for listening http requests. You can use this command in cmd for this purpose (open cmd Run As Administrator mode)
netsh http add urlacl url=http://+:8000/ user=Everyone
If your app is working other port, for example 9095, this command must be like as below:
netsh http add urlacl url=http://+:9095/ user=Everyone
And re-run your app, it should work.
This way working for me.
In Windows Vista and later the HTTP WCF service stuff would cause the exception you mentioned because a restricted account does not have right for that. That is the reason why it worked when you ran it as administrator.
Every sensible developer must use a RESTRICTED account rather than as an Administrator, yet many people go the wrong way and that is precisely why there are so many applications out there that DEMAND admin permissions when they are not really required. Working the lazy way results in lazy solutions. I hope you still work in a restricted account (my congratulations).
There is a tool out there (from 2008 or so) called NamespaceManagerTool if I remember correctly that is supposed to grant the restricted user permissions on these service URLs that you define for WCF. I haven't used that though...
Your sample code won't work as shown because you forgot to include a Console.ReadLine() before the serviceHost.Close() line. That means the host is opened and then immediately closed.
Other than that, it seems you have a permission problem on your machine. Ensure you are logged-in as an administrator account on your machine. If you are an administrator then it may be that you don't have the World Wide Web Publishing Service (W3SVC) running to handle HTTP requests.
While I was able to solve this problem in one computer following the other users solutions, the command netsh didn't solve the issue in one of my machines and even though the current user had administrator rights I was still getting the "HTTP could not register URL.... Your process does not have access rights to this namespace". So I'm sharing my solution in case you still don't get it to work with the other solutions too.
After also trying to give write permissions to the user in the physical directory of my website and getting no success, I finally decided trying to change IIS settings.
As the images below show, I configured the Physical Path Credentials of my website to connect as an specifc user, which was an admin account with DOMAIN\username and password, and this was enough to make the error disapear.
Close iis express and all the browsers (if the url was opened in any of the browser). Also open the visual studio IDE in admin mode. This has resolved my issue.
I was getting the same error in a for a domain using a different port (2130). The process was a service. I was able to fix the issue by changin the user running the service from NetworkSystem to Local System Account.
Another thing I might add: If this just for local testing purposes you could try to change the port from 8000 to something else such as 8080 and not get this error. That worked for me at least.
I am having a problem when I try to browse WCF service (.svc file) which is hosted in IIS7 & Windows7. It throws following error.
HTTP Error 404.3 - Not Found
The page you are requesting cannot be served because of the extension configuration. If the page is a script, add a handler. If the file should be downloaded, add a MIME map.
I tried to run ServiceModelReg, but it say I should have admin rights in order to run this, although I am admin on this machine.
Does any one know how to resolve this issue.
FInally....
I am able to resolve this issue.
I ran following two command and it solved the problem.
aspnet_regiis -i & ServiceModelReg -i
Even though I am admin on the machine, I need to run this 2 commands by right click and select 'Run as Admin'.
Your issued is answered here. Trying to be short:
When you start the command prompt, can
you right-click on the icon to open it
and select "Run as Administrator"? I
don't know exactly what's the logic
behind that, but on Vista there are
two kinds of administrative users, one
"normal" administrator and one
"elevated" administrator. I'd guess
the tool needs the second kind.
and second
Also, Why do you need to run
Servicemodelreg.exe on VIsta?
Officially this is not supported on
Vista. Instead you can go to WIndows
features menu throught Add remove
programs and enabled Http Activation
under .Net framework 3.0 feature.
This will enable everything you might
want to do via Servicemodelreg.exe.
Edit
And also here.
If you go into IIS Manager and double click on Handler Mappings do you have *.svc paths listed?
If they are missing this link may help http://msdn.microsoft.com/en-us/library/ms752252(v=vs.90).aspx