Windows Service accessing UNC share

I know that a similar question has been asked on this site recently and I have tried the recommended solution but am still having problems.

I have an application which I want to run as a Windows service on an XP(yes unsupported) machine. This service needs to be able to store data onto a server share(Win2003 Server) which is specified in a config file as a UNC path.

I have followed the previous advice and created matching local users on both systems and given the local user on the server the necessary access to the share.

If I run my application in non service mode(ie logged in on the Xp machine as the newly created local user and run from the command line) then the whole process works and the data is stored as it should be on the server share. However as soon as I run the application as a service using the new local account as the Logon account no data is written on the server share.

Addition information
- the server is part of an AD domain
- the XP machine is not part of that domain

I can't figure out whether my problem is to do with how the XP machine is running the service and whether it is allowing network access or whether the problem is actually on the server side which isn't accepting network connections from a service.

Any help would be much appreciated.

Regards

Andrew Hoole

Posted 2014-04-15T09:48:24.220

Reputation: 11

Answers

When entering the credentials to access the share did you enter the server name and then a backslash before the username to specify it is a local account?

e.g. servername\username

The server might be trying to authenticate the account on the domain rather than locally.

RJSmith92

Posted 2014-04-15T09:48:24.220

Reputation: 820

The logon account in the service properties is defined as .\ServiceUser – Andrew Hoole – 2014-04-15T10:59:23.790

Zero. Your service should produce local logs, from which it should be clear what isn't working or where to look for the problem. If it's not the case, and you're responsible for development, add this function.

First, share access checked in two places:

Shared folder itself (it can have different permissions for different users)
NTFS ACL

Your user, under which test successes, certainly has both accesses. What about service user? Check it first (on server).

Second, you can temporarily allow service user to log on locally, log on under it, and try to access the share. This way you will see if it's working. After that, you may be able to run the app in debug mode and check what is going wrong.

Btw, where is configuration stored? Maybe config location is different for each user, or inaccessible for service user?

LogicDaemon

Posted 2014-04-15T09:48:24.220

Reputation: 1 681

Zero - it does produce some form of logs but not that useful may have to improve these. – Andrew Hoole – 2014-04-15T10:51:00.333

Initially on the XP machine I created the user as a normal use which was then automatically granted rights to logon as a service when I used the account for the service. I was able to use the service account to log on locally and run the application, that was how I got the success, so the account being used for the service does have the necessary authority. Checking the event log on the server hosting the share I don't see any Security logs(Success or Rejection) when the app is running as a service, but I do see these when it runs not as a service. Seems to indicate no attempt is being made. – Andrew Hoole – 2014-04-15T10:57:26.223

Then problem can be caused by that this app can't really work as a service. Maybe it's better to run it via task scheduler? – LogicDaemon – 2014-04-15T12:26:08.817

I use it all the time as a service but normally it is saving the data to the local disk, I just want to change that to being a network share so I can separate the hosting of the service applications from the data storage location. Need to dig into the code a bit more unfortunately the bit that saves the data is hidden in a library that is linked in. You asked about the location of the config file, that is stored in c:\local... The app itself apart from the saving of the data is working. – Andrew Hoole – 2014-04-15T12:33:59.983

Hmm, my bad, idk. Maybe, just maybe, problem is security token for logged in users. Can you to initiate execution of command net.exe use \\server\share before share access takes place? – LogicDaemon – 2014-04-15T12:42:56.043

Hmm not sure but your idea of running it as a scheduled task works so I have a way forward if I can't figure out what is wrong with this access when running as a service. Thanks for your ideas and help so far. – Andrew Hoole – 2014-04-15T12:54:58.793