Solved

Service isnt seeing files over the network

Posted on 2009-07-15
7
224 Views
Last Modified: 2013-12-23
I have a simple service that reads directory values from the registry, then locates the file they point to and copies it to the local machine.  The service properly installs and runs on all of the machines that are a part of my office domain.

I am currently trying to get it to work on a computer that is part of the office network, but not joined to the domain.  I can successfully UNC to the directory I want (\\myServer\install$\batchfile.bat is what I'm trying to reach).  I wrote a few lines of code in C# and compiled them; I pulled the registry values to form the path as usual, then used System.IO.File.Exists to check that file - and it can be seen fine!  I used the directory object to check multiple directories and list the files therein - and THAT works fine too.  Its only when I'm attempting to use my service that it checks the exact same file path and says file not found.  It makes no sense.

Furthermore, I tried checking ANY machine that is on the local network.  As long as my service is not trying to do the check, I can UNC to the computers, and I can programmatically check for files or directories... its only when the service is trying to do it that it doesnt work.

In the code section below I listed part of the installation I use.  I've tried using ServiceAccount.NetworkService (shown here) and ServiceAccount.LocalSystem (this is how I installed it on the domain machines, all of which are working properly) and neither one helps.  I would really, really like to avoid having to add all of these machines to the domain.  There is no reason for them to be added, as it would drive our costs way up, but I need this program to work, and work now.  My deadline is almost up and I cannot figure out what is wrong.

Help!
ServiceProcessInstaller serviceProcessInstaller = new ServiceProcessInstaller();
ServiceInstaller serviceInstaller = new ServiceInstaller();
 
// Service Account Information
serviceProcessInstaller.Account = ServiceAccount.NetworkService;
serviceProcessInstaller.Username = null;
serviceProcessInstaller.Password = null;

Open in new window

0
Comment
Question by:Skkra
  • 4
  • 3
7 Comments
 
LVL 16

Expert Comment

by:ToddBeaulieu
ID: 24860685
I suspect you need to specify the credentials to use when accessing a machine not on the domain.

I'm doing this for a current project using PowerShell.

Here are a couple of examples:

<%
option explicit
dim WshNetwork
Set WshNetwork = CreateObject("WScript.Network")
WshNetwork.MapNetworkDrive "K:", "\\serverip\share", "false", "user", "password"
%>

    $net.MapNetworkDrive("x:", "\\server\share", $false, "username", "password")

0
 

Author Comment

by:Skkra
ID: 24861021
Maybe I wasn't clear in my original question - the problem is when going FROM a machine not on the domain TO a machine that IS on the domain.  Do you still think its a credentials problem?  My access code simply looks like this:

if (File.Exists(@sMasterServer + @sMasterServerDirectory + @sBatchFile))
        File.Copy(@sMasterServer + @sMasterServerDirectory + @sBatchFile, @sStorageDirectory + @sBatchFile, true);

This same code works perfectly in my little GUI application, where I hit a button to actively check for the existance of the file.  When my installed service does it, however, it fails.

As a final note, the only account on the computer I'm testing this on is an administrative account.  Thanks!!!
0
 
LVL 16

Expert Comment

by:ToddBeaulieu
ID: 24861093
Oh, Sorry. I misunderstood.

I never tried to do that.

I don't think Network Services wil have access to a domain resource.

http://msdn.microsoft.com/en-us/library/ms684272(VS.85).aspx

But, I believe the approach that I mentioned should let you access a domain resource by specifying the desired account to use, including the domain.

Another approach would be to have the service run under a special account that has rights to the shares. This is really the way to go, I think.



0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 

Author Comment

by:Skkra
ID: 24861364
// But, I believe the approach that I mentioned should let you access a domain resource by specifying the desired account to use, including the domain.

Another approach would be to have the service run under a special account that has rights to the shares. This is really the way to go, I think. //

Do you know how/where I would use this in C# programmatically for my service?  Would it go in the service installation information?  I'm not sure where else I could put this kind of authentication information, as I'm not ever logging onto a machine exactly... just trying to access it...
0
 
LVL 16

Expert Comment

by:ToddBeaulieu
ID: 24861469
Thinking about going from a non-domain machine to a domain machine is really hard for me, for whatever reason. :)

Ok...

You have this service running on a non-domain machine under Network Services, right?
And you want it to access a share on a domain server.

You mentioned running a test GUI. Form which machine? Which account?

If you use the approach I originally mentioned in the service, regardless of which account it's running under, it could access a domain resource under a specific account, which you could test with your account, but ultimately it should be a domain account used by this service to reach in. At that point, you could probably just have the service run under that account, avoiding the need to provide credentials when accessing the rosource.

So can you create a new domain account that has access to the share(s)? And then configure the service on one of the boxes to use that account, instead of NS? That should solve the problem. As a test, you can use your own account to prove it out.

Finally, I wonder if best practices would dictate this process run the other way around, with the trusted code living inside the domain and reaching out to the non-domain resources?
0
 

Author Comment

by:Skkra
ID: 24861795
Let me give it a shot.  I have a meeting this afternoon but I will try it at some point.  Thanks for your help; responses forthcoming.
0
 

Accepted Solution

by:
Skkra earned 0 total points
ID: 24934100
Sadly, nothing would make this work.  Programmatically, the network would always reject non-domain attempts to access domain resources, even when shares were made available.  I'm going to have to re-code and find another way to do this.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question