TCP/IP communication blocked when running a service as SYSTEM on W

TheMSsForum.com: The Microsoft Software Forum

I have an app that I can run as a service as well. It is a message service
that communicates to a server on port 443 (SSL). When I run it as an app on
a 2003 Server R2 Standard Edition, it works. If I run it as a service under
a specific account (administrator, for example), it works. If I try to have
it run under the Local System Account, it fails (cannot communicate to the
message service).
Is there some security setting that I need to set in order for this to run
as SYSTEM? This box is set up as a Domain Controller, I don't know if that
plays into this problem or not. I have other w2k3 boxes that this works fine
on. I just can't see what I need to change. Any ideas?
Top

Re: TCP/IP communication blocked when running a service as SYSTEM on W by Roger

Roger
Tue Nov 21 22:47:03 CST 2006

Have you tried configuring it as a service running in Network Service
context instead of System context ? That is what Network Service account
is intended to be used for.

"Gerbmeister" <Gerbmeister@discussions.microsoft.com> wrote in message
news:CB7988DB-6E30-45F0-90A9-338F7499812E@microsoft.com...
>I have an app that I can run as a service as well. It is a message service
> that communicates to a server on port 443 (SSL). When I run it as an app
> on
> a 2003 Server R2 Standard Edition, it works. If I run it as a service
> under
> a specific account (administrator, for example), it works. If I try to
> have
> it run under the Local System Account, it fails (cannot communicate to the
> message service).
> Is there some security setting that I need to set in order for this to run
> as SYSTEM? This box is set up as a Domain Controller, I don't know if
> that
> plays into this problem or not. I have other w2k3 boxes that this works
> fine
> on. I just can't see what I need to change. Any ideas?


Top

RE: TCP/IP communication blocked when running a service as SYSTEM on W by Gerbmeister

Gerbmeister
Wed Nov 22 11:50:01 CST 2006

As a followup:
I have found that it is not specific to 2003 Server. I have a XPPro SP2 box
that has the same problem. Both boxes are running in a domain. I am
checking the other boxes that have problems to see if they are running in a
domain as well.
Is there some security setting in the domain that is missing in order for
this to run successfully?

"Gerbmeister" wrote:

> I have an app that I can run as a service as well. It is a message service
> that communicates to a server on port 443 (SSL). When I run it as an app on
> a 2003 Server R2 Standard Edition, it works. If I run it as a service under
> a specific account (administrator, for example), it works. If I try to have
> it run under the Local System Account, it fails (cannot communicate to the
> message service).
> Is there some security setting that I need to set in order for this to run
> as SYSTEM? This box is set up as a Domain Controller, I don't know if that
> plays into this problem or not. I have other w2k3 boxes that this works fine
> on. I just can't see what I need to change. Any ideas?
Top

Re: TCP/IP communication blocked when running a service as SYSTEM by Gerbmeister

Gerbmeister
Wed Nov 22 14:09:01 CST 2006

How do I do that? When I go to services and edit the properties for my
service, the Log On tab shows I can log on as Local System account or specify
a user account.

"Roger Abell [MVP]" wrote:

> Have you tried configuring it as a service running in Network Service
> context instead of System context ? That is what Network Service account
> is intended to be used for.
>
> "Gerbmeister" <Gerbmeister@discussions.microsoft.com> wrote in message
> news:CB7988DB-6E30-45F0-90A9-338F7499812E@microsoft.com...
> >I have an app that I can run as a service as well. It is a message service
> > that communicates to a server on port 443 (SSL). When I run it as an app
> > on
> > a 2003 Server R2 Standard Edition, it works. If I run it as a service
> > under
> > a specific account (administrator, for example), it works. If I try to
> > have
> > it run under the Local System Account, it fails (cannot communicate to the
> > message service).
> > Is there some security setting that I need to set in order for this to run
> > as SYSTEM? This box is set up as a Domain Controller, I don't know if
> > that
> > plays into this problem or not. I have other w2k3 boxes that this works
> > fine
> > on. I just can't see what I need to change. Any ideas?
>
>
>
Top

Re: TCP/IP communication blocked when running a service as SYSTEM by Gerbmeister

Gerbmeister
Wed Nov 22 14:16:02 CST 2006

I see how to run as the "NT AUTHORITY\NetworkService". What password does
this account use?

"Gerbmeister" wrote:

> How do I do that? When I go to services and edit the properties for my
> service, the Log On tab shows I can log on as Local System account or specify
> a user account.
>
> "Roger Abell [MVP]" wrote:
>
> > Have you tried configuring it as a service running in Network Service
> > context instead of System context ? That is what Network Service account
> > is intended to be used for.
> >
> > "Gerbmeister" <Gerbmeister@discussions.microsoft.com> wrote in message
> > news:CB7988DB-6E30-45F0-90A9-338F7499812E@microsoft.com...
> > >I have an app that I can run as a service as well. It is a message service
> > > that communicates to a server on port 443 (SSL). When I run it as an app
> > > on
> > > a 2003 Server R2 Standard Edition, it works. If I run it as a service
> > > under
> > > a specific account (administrator, for example), it works. If I try to
> > > have
> > > it run under the Local System Account, it fails (cannot communicate to the
> > > message service).
> > > Is there some security setting that I need to set in order for this to run
> > > as SYSTEM? This box is set up as a Domain Controller, I don't know if
> > > that
> > > plays into this problem or not. I have other w2k3 boxes that this works
> > > fine
> > > on. I just can't see what I need to change. Any ideas?
> >
> >
> >
Top