0

I have an .exe for which I create multiple services and attach them to an Active Directory User Account for that service, I can create almost as many as I want. For most installations, it is usually 10. Each process is given a unique pair of ports to use, and they all start up, and operate fine.

The deployment team would like me to explore installing as Local System. They tried it and ran into issues, and so I have been playing with it and my observation is that after the fourth service is installed, then any new service install after that is unable to run/start. The process never appears to even get to application code. There are no application logs. When a crash dump is created, it is inconclusive, and the process cycles until the service agent disables it.

Those first four instances? They operate just fine. My client manager, manages them just fine, and exercises them freely.

Change to a User Account, and all is fine.

So, what should I be looking for? I know this is a broad question. Each instance of the image is it's own service. If I create them all at once, I tend to make each service depend on its younger sibling, to establish a start up order, but the dependency isn't necessary.

I thought this was related to The difference between the 'Local System' account and the 'Network Service' account?, and tried to piggyback onto that, but someone correct me. So here it is on its own.

I run a powershell script that executes a series of nssm command lines to install and manage the service details.

when it is a AD Account everything is identical, and they all run fine.

The application does get somewhere. All the log files that the app creates get created, but nothing gets written to them.

Stdout and Stderr are routed to their own files, and haven't revealed anything.

For what it is worth, this is my Add-Service function

function Add-Service {
    Param (
        [string]$serviceName,
        [string]$dependsOn,
        [string]$exePath,
        [switch]$SysLocal = $false,
        [string]$Username,
        [string]$Password,
        [string]$runIn,
        [string[]]$parameters
    )

    $stdOutErrFile="$serviceName.log"

    Write-Host "Creating service $serviceName, with $parameters"
    & $nssm install $serviceName "$exePath"
    & $nssm set $serviceName AppParameters "$parameters"
    & $nssm set $serviceName AppDirectory "$runIn"
    & $nssm set $serviceName Start SERVICE_AUTO_START
    if ($dependsOn -ne "") {
        & $nssm set $serviceName DependOnService $dependsOn
    }
    & $nssm set $serviceName Type SERVICE_WIN32_OWN_PROCESS
    & $nssm set $serviceName AppPriority NORMAL_PRIORITY_CLASS
    & $nssm set $serviceName AppNoConsole 1
    & $nssm set $serviceName AppStdout (Join-Path $logsDir $stdOutErrFile)
    & $nssm set $serviceName AppStdoutCreationDisposition 2
    & $nssm set $serviceName AppStderr (Join-Path $logsDir $stdOutErrFile)
    & $nssm set $serviceName AppStderrCreationDisposition  2
    & $nssm set $serviceName AppThrottle 1500
    & $nssm set $serviceName AppExit Default Restart
    & $nssm set $serviceName AppRestartDelay 2000
    Set-ItemProperty -Path "Registry::HKLM\System\CurrentControlSet\Services\$serviceName\Parameters" -Name AppStopMethodSkip -Value 1
    if ($SysLocal -eq $false) {
        & $nssm set $serviceName ObjectName "$Username" "$Password"
    } else {
        & $nssm set $serviceName ObjectName "LOCALSYSTEM"
    }
    & $nssm set $serviceName AppEnvironmentExtra "SERVICE_NAME=$serviceName"
    Write-Host "Starting service: $serviceName"
    Start-Service $serviceName
}

There are no error messages returned. All output from nssm is normal responses for each command issued.

Eric Hallander
  • 23
  • 4
  • Maybe the title isn't right for this question, but it was all I could come up with. – Eric Hallander Aug 06 '19 at 21:33
  • FYI I found something in the event viewer related to return code 3221225477 which is 0xC0000005, which stands for STATUS_ACCESS_VIOLATION. So I think there may be some limit to the number of processes, that can "share" common code when that code is running under Local System. When I install this and use an Active Directory user with Administrator privs, I can instantiate 10 instances of the service. Nothing different except the User. Which is the same if I start 10 instances from the command line. – Eric Hallander Aug 26 '19 at 17:58
  • So, after almost two years, there isn't anyone who has read this, that has a clue? It is actually still an issue, and I suspect it has something to do with protections against, services using too many resources. I just don't haven't found anyway to circumvent those restrictions. If I didn't say it above I have two ways to install this whole setup, of which there are two parts: A managing web server, and a set of .exe workers. – Eric Hallander Jun 24 '21 at 03:20
  • I can install this so that the webserver and the .exe's are installed as separate services, however, when installed as Local System Account, I hit issues discussed above when the 4th or 5th .exe service instance is created. – Eric Hallander Jun 24 '21 at 03:24
  • I can also install such that the webserver is responsible for managing the .exes directly, however, it can only launch 3 of them before the "extras" fail to start. So, I think for sure it's a resource issue. But how to manage that issue? – Eric Hallander Jun 24 '21 at 03:25

0 Answers0