win7/vista/server2008 vs Environment Debug calls HTTP. SYS cannot start the listening service and the port cannot be accessed by other machines after startup

I. VS debugging under the Win7 (Vista series) operating system HttpListener cannot bind multiple specified IP, port issues

　　

From: http://www.cnblogs.com/ryhan/p/4195693.html

Symptom: System.Net.HttpListenerException (0x80004005): Access denied.

Cause: The VS IDE does not have enough permissions (the resulting product permissions will not be enough), which can be resolved by increasing UAC permissions

Steps:

1. Select the corresponding project, right-click Add-New application manifest file app.manifest

　　　　

2. Change the level of the configuration item requestedExecutionLevel AsInvoker to Requireadministrator

　　　　

3. Start debugging and restart the IDE with Super permissions

　　　　

4. After reboot, the service started successfully ...

　　　　　　　　　

5. The built-in EXE file will show the Shield logo

　　　　

Resources:

Introduction of App.manifest in http://blog.csdn.net/a316019667/article/details/8647237--vs2005 (C # program runs the method under Win7 with administrator privileges)

Http://www.tuicool.com/articles/BnE7jy--. A summary of ways to elevate UAC permissions in Net-the great Lord Mayswind

Http://tech.sina.com.cn/s/2009-12-10/07281168314.shtml--A detailed description of the UAC settings for the application in Visual Studio

http://www.cnblogs.com/wene/archive/2010/09/12/1824476.html add manifest files in--visual Studio 2008

http://blog.csdn.net/nanchuan/article/details/8301310--win7 in HttpListener deny access exception resolution C #

　　　　

Two. The HTTP service started in the Win7 (Vista series), other machines cannot access the problem (or cannot start the program as a service)

　　Symptom: Other machines cannot access the service ports that have been started

Cause:1. Port is quarantined by firewall

2. The system does not listen for the corresponding port data

3. The system does not forward the monitoring data to the corresponding handler

Steps:

To open the command line in Administrator mode:

1. Enter the following command to add a URL access control list

netsh http add urlacl url=http://+:8080/sddl= "D: (A;; GX;;; LS) "

2. Enter the following command to add a ip+ port to listen on

netsh http add iplisten ipaddress=0.0.0.0:8080

3. Enter the following command to add a firewall rule (required option)

　　　　netsh advfirewall firewall add rule name= "My Http Sev" Dir=in action=allow protocol=tcp localport=8080

After completing the above steps, the service should be accessible to other machines.

Resources:

Http://www.cnblogs.com/cmdszh/archive/2012/08/16/httplistener.html--win7 in HttpListener deny access exception resolution C #
http://www.cnblogs.com/jiewei915/archive/2010/06/21/1762066.html--WCF Deployment Issues Small Summary (HTTP cannot register the workaround)

----------------------------------------------------------Split line The following sections are transcribed----------------------------- -----------------------------------

Source Address:http://www.cnblogs.com/jiewei915/archive/2010/06/21/1762066.html

Small summary of WCF deployment issues (workaround for HTTP not registered)

However, after the tool was written and deployed, it made a mistake and the Windows service did not start.

The reason was not known at the time, so I was deployed under Windows R2 Core and couldn't see the log (why use R2?). Yes, because I made a mistake when I installed. NET 3.5 under Win core.

Today, I found the test machine again, and discovered the problem.

Journal name: Application
Source: Ddnshostservice
Date: 2009/8/13 14:13:06
Event id:0
Task Category: None
Level: Error
Keywords: classic
User: N/A
Computer: WPI2-PC
Describe:
Unable to find description of event ID 0 from source Ddnshostservice. The component that raised this event is not installed on the local computer, or the installation is corrupted. You can install or repair components on the local computer.

If the event occurs on another computer, the display information must be saved in the event.

The following information is included in the event:

The service could not be started. System.ServiceModel.AddressAccessDeniedException:HTTP cannot register urlhttp://+:8080/. The process does not have access to this namespace (for more information, see http://go.microsoft.com/fwlink/?LinkId=70353). ---> System.Net.HttpListenerException: Access Denied.
In System.Net.HttpListener.AddAll ()
In System.Net.HttpListener.Start ()
In System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen ()
---the end of the inner exception stack trace---
In System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen ()
In System.ServiceModel.Channels.TransportManager.Open (Transportchannellistener channellistener)
In System.ServiceModel.Channels.TransportManagerContainer.Open (selecttransportmanagerscallback Selecttransportmanagercallback)
At System.ServiceModel.Channels.HttpChannelListener.OnOpen (TimeSpan timeout)
At System.ServiceModel.Channels.CommunicationObject.Open (TimeSpan timeout)
At System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen (TimeSpan timeout)
At System.ServiceModel.Channels.CommunicationObject.Open (TimeSpan timeout)
In the System.ServiceModel.ServiceHo ...

This error was seen in Windows log,

Check the Internet, the basic problem is the authority.

In fact, this problem is mainly caused by the use of HTTP bindings, because the registration of HTTP in the system is managed by. Sys.

So, not HTTP should not have this problem.

Workaround for the Deployment method description

If it is a Windows program, general right-click, select "Start as Administrator" can be, including when vs debugging

If it is under IIS, there is generally no problem with WPA (Windows Process Activation service)/IIS7

Generally, there is no problem, and IIS itself already has permissions.

If you are a Windows service (this article focuses), you may need to configure the

As a WCF service, if you use the general program to host, as the final product, always a little bad, (of course, this is a server-side is the premise to say, if it is the kind of peer-to class of the program is not the problem!). ）

When you deploy a service, you typically select a system account to run the service

By default, if you are using the Local system account, there should be no problem.

For the other 2 accounts, you may encounter errors, namely local Service account and Network Service account.

Of course, you can specify an account, here by the way, the top 3 accounts are no password

Here's the solution.

1. Open the command line with admin mode

Command 1

netsh http add urlacl url=http:// address can be used with + to denote generic : Port / SDDL="D: (A ;; GX;;; LS) User =domain\user

Explain

Netsh is the configuration tool for HTTP more than Vista comes with, before the version is Httpcfg, in the extra kit

HTTP is configured for HTTP-related

Add is added, there are other actions such as deleting Delete and showing show

Urlacl is the most important, url ACL (URL access control list)

Url= is the address you want to use, can be a domain name such as abc.com, you can also use the + to denote universal, (also include Port OH)

SDDL is a security Description definition language (Descriptor Definition Language), a very obscure thing, I also do not understand. Specific can refer to the following link.

Here, explain what it says.

D: (A;; GX;;; LS)

D:dacl Mark

A means that access is allowed

GX General Execution permissions

LS Local Service Account

In addition, there are

SY LocalSystem account (Local System)

NS Network Service Account

If you do not use this predictable account, you may need to enter the SID of the corresponding account to

User represents the corresponding users, similar to the last point on the top, but should be used in a custom startup account.

For example, a command that allows a local service to register 8080 ports for all addresses is

netsh http add urlacl url=http://+:8080/ sddl="D: (A;; GX;;; LS)"

If this succeeds, you should be able to start the service.

Next

Command 2

netsh http add iplisten ipaddress=IP address + port

Explanation, the first half of the service is the same as the front. Just say the different parts

Iplisten is the IP listening list

IPAddress is the IP address + port (which can be an IPV6 address) to listen on

Example: Listen for 8080 ports for all addresses

netsh http add iplisten ipaddress=0.0. 0.0:8080

Next, add the firewall rule, if you use a server with more than Win2008, you need to configure the system firewall, of course, you can turn it off.

Command 3

netsh advfirewall firewall add rule name= name dir= inaction= Allowprotocol= protocol LocalPort= Port

Explain:

Advfirewall is an advanced firewall feature

Firewall is the firewall.

Add and the same as the front

Rule is rules.

Name is the name of the rule

Dir is the data direction, in indicates that entering out indicates the emitted

Action is allowed with allow and block block

Protocol is the Protocol can be 0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code|tcp|udp|any (Default=any) is generally TCP

LocalPort is the local use of the wide slogan

For example, allow external access to the HTTP 8080 port, the name of the rule is "DDNS Client Host Service"

netsh advfirewall firewall add rule name="DDNS Client Host Service" dir= inaction=< C10>allow protocol=TCP localport=8080

After this is done, the basic program can run. The outside machine should be able to access it.

If you want to delete, you can change the ADD to delete, although some minor problems

---------

Test program Download

---------

win7/vista/server2008 vs Environment Debug calls HTTP. SYS cannot start the listening service and the port cannot be accessed by other machines after startup