|
 |  |  |  |  |  |  |
| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks. |
| |||||||
| |
06-06-2006
| #1 (permalink) |
| | Enabling Port Sharing on a DC requires Admin privileges? Hi, We have a WCF service that uses port sharing through the Net.Tcp Port Sharing Service. This works well on non-DC computers when the WCF service is run as a non-Domain Admin user. When we run the WCF service on a DC, we find that the user running the service has to be a member of the Domain Admins group to run successfully. If the service runs as a non-Domain Admin user then this only works when Port Sharing is not used. The error message we get when trying to use port sharing as a non-Domain Admin is: FATAL Exception: The TransportManager failed to listen on the supplied Uri using the NetTcpPortSharing service: failed to read the service's endpoint (5). The Net.Tcp Port Sharing Service is running as Local Service (the default). We're assuming that somehow, on a DC, the Net.Tcp service is unable to assign the pass the endpoint over to the WCF service unless the WCF service is a Domain Admin. We really don't want the WCF service to have to run as a member of Domain Admins. Is there some permission or policy we need to set to allow port sharing for services that aren't running with Domain Admin privilege? Thanks, Corvil Howells Telvent |
My System Specs |
|
06-07-2006
| #2 (permalink) |
| | RE: Enabling Port Sharing on a DC requires Admin privileges? So I've found the solution through other channels. For those who have the same problem: - Edit C:\WINDOWS\WinFX\v3.0\Windows Communication Foundation\SMSvcHost.exe.config and add the following config section: <configuration> <system.serviceModel.activation> <net.tcp> <allowAccounts> <add securityIdentifier="S-1-5-your sid here"/> </allowAccounts> </net.tcp> </system.serviceModel.activation> ..... </configuration> Basically, replace "S-1-5-your sid here" with the SID of the non-domain admin group/user that you want to be able to use for running the WCF service on the DC. This seemed to work fine for us. Corvil Howells Telvent "TelventRTD" wrote: > Hi, > > We have a WCF service that uses port sharing through the Net.Tcp Port > Sharing Service. This works well on non-DC computers when the WCF service is > run as a non-Domain Admin user. When we run the WCF service on a DC, we find > that the user running the service has to be a member of the Domain Admins > group to run successfully. If the service runs as a non-Domain Admin user > then this only works when Port Sharing is not used. > > The error message we get when trying to use port sharing as a non-Domain > Admin is: > FATAL Exception: The TransportManager failed to listen on the supplied Uri > using the NetTcpPortSharing service: failed to read the service's endpoint > (5). > > The Net.Tcp Port Sharing Service is running as Local Service (the default). > We're assuming that somehow, on a DC, the Net.Tcp service is unable to assign > the pass the endpoint over to the WCF service unless the WCF service is a > Domain Admin. > > We really don't want the WCF service to have to run as a member of Domain > Admins. Is there some permission or policy we need to set to allow port > sharing for services that aren't running with Domain Admin privilege? > > Thanks, > > Corvil Howells > Telvent |
| My System Specs |
| Thread Tools | |
| |
Similar Threads | ||||
| Thread | Forum | |||
| RemoteDesktop: are admin privileges different? | Vista General | |||
| Lost admin privileges | Vista account administration | |||
| locked out of admin privileges. | Vista account administration | |||
| New install: I need ADMIN privileges (and other help) | Vista General | |||
| How to get FULL Admin privileges | Vista security | |||
