Summary of WCF deployment issues (solutions for HTTP registration failures)

However, after the tool is written and deployed, an error occurs, but the Windows service is not started.

I didn't know the reason, so I deployed it in Windows 2008 R2 Core and couldn't view the log (why should I use R2? Well, I encountered an error when installing. NET 2008 in Win 3.5 Core ~)

Today, I found another test machine and found the problem.

Log name: Application
Source: DDNSHostService
Date: 2009/8/13 14:13:06
Event ID: 0
Task Type: None
Level: Error
Keyword: Classic
User: Missing
COMPUTER: WPI2-PC
Description:
The description of event ID 0 from the source DDNSHostService cannot be found. Components that cause this event are not installed on the local computer, or the installation is damaged. You can install or repair components on your local computer.

 

If the event is generated on another computer, the display information must be saved in the event.

The following information is contained in the event:

 

The service cannot be started. System. ServiceModel. AddressAccessDeniedException: HTTP cannot register URLhttp: // +: 8080 /. The process does not have access to this namespace (for more information, see http://go.microsoft.com/fwlink? LinkId = 70353 ). ---> System. Net. HttpListenerException: access is denied.
In System. Net. HttpListener. AddAll ()
In System. Net. HttpListener. Start ()
In System. ServiceModel. Channels. SharedHttpTransportManager. OnOpen ()
--- End of the internal exception stack trace ---
In System. ServiceModel. Channels. SharedHttpTransportManager. OnOpen ()
In System. ServiceModel. Channels. TransportManager. Open (TransportChannelListener channelListener)
In System. ServiceModel. Channels. TransportManagerContainer. Open (SelectTransportManagersCallback selectTransportManagerCallback)
In System. ServiceModel. Channels. HttpChannelListener. OnOpen (TimeSpan timeout)
In System. ServiceModel. Channels. CommunicationObject. Open (TimeSpan timeout)
In System. ServiceModel. Dispatcher. ChannelDispatcher. OnOpen (TimeSpan timeout)
In System. ServiceModel. Channels. CommunicationObject. Open (TimeSpan timeout)
In System. ServiceModel. ServiceHo...

This error is displayed in the Windows Log,

After checking on the Internet, it is basically a permission issue.

 

In fact, this problem is mainly caused by the use of HTTP binding, because the registration of HTTP in the system is managed by HTTP. sys.

Therefore, this problem should not be solved if it is not HTTP.

 

Solution description

For a Windows program, you can right-click it and select "start as administrator", including

If it is in IIS, it is generally no problem, WPA (Windows Process activation Service)/IIS7

Generally, there is no problem. IIS itself already has permissions.

For Windows Services (the focus of this Article), you may need to configure

As a WCF Service, if you use a general program as the host, as the final product, it is always a little bad (of course, this is based on the premise that the server is a server, this is not the case if it is a P2P program !)

During service deployment, a system account is usually selected to run the service.

By default, if you are using a local system account,

The other two accounts may encounter errors: Local Service account and Network Service account)

Of course, you can specify an account by yourself. By the way, the three accounts above do not have a password.

 

The solution is as follows:

1. Open the command line in Management Mode

Command 1

 

Netsh http add urlacl url = http: // The address can be expressed with +: Port/sddl = "D :( A; GX; LS) user = domain \ user

 

Explain

Netsh is the built-in HTTP configuration tool Vista and later. The previous version is httpcfg, which is included in the additional toolkit.

HTTP is related to HTTP configuration.

Add is to add, and other operations such as Delete and show

Urlacl is the most important. url ACL (URL Access Control List)

Url = is the address you want to use. It can be a domain name such as abc.com, or use + to indicate general purpose (including ports)

SDDL is a Security Descriptor Definition Language. It is a very obscure thing that I do not understand. For more information, see the link below.

Here I will explain what I wrote above.

D :( A; GX; LS)

D: DACL flag

A indicates that access is allowed.

GX general execution permission

LS Local service account)

In addition

SY Local system account)

NS Network service account)

If you do not need this predicted account, you may need to enter the SID of the corresponding account.

User indicates the corresponding user, which is similar to the last one above, but it should be used in a custom startup account.

 

For example, the command that allows the local service to register port 8080 of all addresses is

 

Netsh http add urlacl url = http: // +: 8080/sddl = "D :( A; GX; LS )"

 

If this succeeds, you should be able to start the service.

Next

Command 2

 

Netsh http add iplisten ipaddress = IP address + Port

 

The first half of the service is the same as the former half. Only different parts

IpListen is the IP listener list.

Ipaddress is the IP address + port for listening (it can be an IPV6 address)

 

For example, listening to port 8080 of all addresses

 

Netsh http add iplisten ipaddress = 0.0.0.0: 8080

 

Next, add firewall rules. If you are using servers later than Win2008, You need to configure the system firewall. Of course, you can turn it off.

Command 3

 

Netsh advfirewall firewall add rule name = name dir = in action = allow protocol = protocol localport = port

 

Explanation:

Advfirewall is an advanced firewall feature

Firewall is the firewall.

Add is the same as the frontend.

Rule is a Rule.

Name is the rule Name.

Dir indicates the data direction, and in indicates entering out indicates sending

Action is an action that is allowed by allow and blocked by blocks.

Protocol is a protocol that can be 0-255 | icmpv4 | icmpv6 | icmpv4: type, code | icmpv6: type, code | tcp | udp | any (default = any) is generally TCP

Localport is the widely used local slogan.

 

For example, to allow external access to the HTTP 8080 port, the rule name is "DDNS Client Host Service"

 

Netsh advfirewall firewall add rule name = "DDNS Client Host Service" dir = in action = allow protocol = TCP localport = 8080

 

 

After these steps are completed, the basic program can run. External machines should also be able to access

If you want to Delete the file, replace Add with Delete.