Problems after changing host user for UWS process
psladky
#1 Posted : Monday, August 12, 2013 7:37:55 AM(UTC)

Hello,
there is a problem that the webserver has many (hundreds of each) running processes of:
conhost.exe, UWS.AppHostClr2.AnyCpu.exe, UWS.AppHostClr2.x86.exe

I found many warnings in the windows event viewer like this:


"The description for Event ID 0 from source UWS Host UWS.AppHost.Clr2.x86 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Monitoring service has not communicated for at least 120 seconds. Shutting down host process ""C:\Program Files\UltiDev\Web Server\UWS.AppHost.Clr2.x86.exe" 42004486-e9f5-4437-b415-781b6763892d".


The webserver seems to be running normally / answering webservice function calls.
As the webservice function needs some permission to the network files, I have changed the logon in the service for the webserver from Local System to some user.

To me it seems that the monitoring service starts these instances again and again, but I see no reason/explanation for this behaviour.

What could I check?
Ultidev Team
#2 Posted : Monday, August 12, 2013 11:01:31 AM(UTC)
Hi,

Running UWS host processes under identities other than Network Service and Local System is not supported. We suspect that after the UWS monitoring service starts the UWS app host process, it can't communicate with the said host process due to the user's insufficient access rights. Such a host process is considered hung by UWS monitoring, and it will try to restart it again. The host process will also quit if it didn't get a ping from the monitoring service in about two minutes. So this broken link between the monitoring service and host processes causes the endless quit & multiple restart problem.

The best way to deal with this issue is to follow best practices and not elevate the entire host process's access rights, but have an out-of-process ServicedComponent running in whatever user context you wish, and called by your app. This is applicable to any web app, under IIS or UWS, or any other web server: they are run under a locked-down user account for security reasons, and simply lifting these restrictions for the entire process is a bad practice.

Best regards,
UltiDev Team.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
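
A sketch of the out-of-process ServicedComponent approach described in the reply above, added here as an example (it is not UltiDev's code and not from the original thread). The component name, COM+ application name, UNC path and size limit are placeholders; it assumes a strong-named assembly registered with regsvcs.exe, with the account that can reach the share set on the COM+ application's Identity tab in Component Services.

```csharp
using System;
using System.EnterpriseServices;
using System.IO;
using System.Runtime.InteropServices;

// Server activation: the component runs in its own dllhost.exe process, not in the
// web server's host process, so the host can stay on Network Service / Local System.
[assembly: ApplicationName("ShareFileBroker")]            // hypothetical COM+ application name
[assembly: ApplicationActivation(ActivationOption.Server)]
// Turn on COM+ access checks; the web host's account must then be added to a role
// on this COM+ application (done in Component Services), otherwise calls are denied.
[assembly: ApplicationAccessControl(true)]

namespace Example.Broker
{
    [ComVisible(true)]
    public interface IShareFileBroker
    {
        byte[] ReadFile(string relativePath);
    }

    // The broker exposes one narrow operation instead of handing the web app a
    // general-purpose privileged identity.
    [ComVisible(true)]
    [ClassInterface(ClassInterfaceType.None)]
    public class ShareFileBroker : ServicedComponent, IShareFileBroker
    {
        // Placeholder share folder; the trailing backslash makes the prefix check exact.
        private const string ShareRoot = @"\\fileserver.example\data\reports\";
        private const long MaxBytes = 10 * 1024 * 1024;   // assumed upper bound per read

        public byte[] ReadFile(string relativePath)
        {
            // Reject absolute, drive-relative and UNC input outright.
            if (string.IsNullOrEmpty(relativePath) || Path.IsPathRooted(relativePath))
                throw new ArgumentException("A relative path is required.", "relativePath");

            // Canonicalize first ("..", mixed separators), then confirm the result
            // is still under the one folder this broker is meant to serve.
            string full = Path.GetFullPath(Path.Combine(ShareRoot, relativePath));
            if (!full.StartsWith(ShareRoot, StringComparison.OrdinalIgnoreCase))
                throw new UnauthorizedAccessException("Path escapes the share root.");

            FileInfo info = new FileInfo(full);
            if (!info.Exists) throw new FileNotFoundException("File not found.", relativePath);
            if (info.Length > MaxBytes) throw new IOException("File exceeds the size limit.");
            return File.ReadAllBytes(full);
        }
    }
}
```

The web service then calls `new ShareFileBroker().ReadFile(...)` through a reference to the registered assembly, and only that call runs under the share-enabled account.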
psladky
#3 Posted : Tuesday, August 13, 2013 5:29:04 AM(UTC)

Hi,
many thanks for your answer.
Do I understand your suggestion well? Write higher-level (from a user rights point of view) functions into a separate service and call it from the webservice function?

It is not for a few hours to do, so I would need some temporary solution...
As I need only access to a shared directory, I will try with the Network Service identity.
How about the idea to change the user also in the monitoring service? Could this help?

Many thanks
P. Sladky
Ultidev Team
#4 Posted : Tuesday, August 13, 2013 10:32:15 AM(UTC)
Hi,

Since we have not tried it, we can only speculate as to how to do it. If your app is registered under the Local System host process, you may try to change the user of the "UWS HiPriv Services" Windows service and see what happens. If that doesn't help, change the user of the monitoring service and see what happens. However, there is a significant probability none of this will help because UWS was not designed to work under user identities other than LS and NS.

Best regards,
UltiDev Team.
