3

I have a Windows 2012 R2 server which has been happily running a Windows service for roughly 3-4 months with various build revisions going into the software.

The server configuration hasn't changed at all; however, I have just started seeing the following error when trying to start the Windows service, both manually and from our build system.

System error 5 has occurred. starting service

The event log is pretty fruitless too:

The <service name> service terminated with the following error: Access is denied.

As mentioned above the accounts used for this have not changed. I have checked that the service folder has full permissions on it and have even tried running the service under a local account and administrator account. Both of these produce exactly the same error.

Is there any way for me to obtain more information about the problem? Nothing else on the server seems affected.

fungus1487
  • Use Process Monitor and perform a trace while you attempt to start the service. Then filter the events where `Result != Success` and see on what object access is being denied. – Ryan Ries Dec 18 '14 at 16:19
  • What service? Or is it all services? Or is it a custom built service? – Colyn1337 Dec 18 '14 at 16:35
  • Has the password on the service account expired? Default length is about 3 months. – JamesRyan Dec 18 '14 at 16:50
  • Sometimes just blanking out the password used under "Log on as", applying the change, and then re-typing the password fixes these access denied problems. You can also check that the user (still) has the necessary rights for running as a service with `editrights -l -u ` – JasonAzze Dec 18 '14 at 16:54
  • Ran ProcMon and I get a lot of "NAME NOT FOUND" including HKLM\System\CurrentControlSet\Services\gupdatem\Group, HKLM\System\CurrentControlSet\Services\hidserv\StartOverride, HKLM\System\CurrentControlSet\Services\hkmsvc\StartOverride and many many more. The service is a custom service. The service account is set to not expire. I have tried blanking out the password, then reapplying, to no avail. What tool is editrights? I assume it's not an inbuilt Windows command? – fungus1487 Dec 18 '14 at 17:08
  • Ah, sorry. I didn't realize that editrights is actually a Cygwin utility. I thought it was a native Windows tool. – JasonAzze Dec 18 '14 at 19:16
  • I installed Cygwin (make sure you run the console as admin) and have verified that my user account running the service has 'SeServiceLogonRight' whereas my normal account for RDP etc. does not. – fungus1487 Dec 18 '14 at 21:23
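
An added example, not part of the original thread: one way to triage the Process Monitor trace suggested in the comments is to save it as CSV and separate the ACCESS DENIED results from the NAME NOT FOUND noise. The column names follow Process Monitor's default CSV export; `ExampleSvc.exe` and its paths are constructed sample data.

```python
import csv
import io
from collections import Counter

# Constructed sample in Process Monitor's default CSV layout (File > Save > CSV).
# ExampleSvc.exe, the PIDs and the C:\Services / HKLM\SOFTWARE paths are invented.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"16:58:01.1000000","services.exe","512","RegQueryValue","HKLM\System\CurrentControlSet\Services\gupdatem\Group","NAME NOT FOUND","Length: 268"
"16:58:01.1000100","services.exe","512","RegQueryValue","HKLM\System\CurrentControlSet\Services\hidserv\StartOverride","NAME NOT FOUND","Length: 12"
"16:58:02.2000000","ExampleSvc.exe","4120","CreateFile","C:\Services\Example\ExampleSvc.exe.config","SUCCESS","Desired Access: Generic Read"
"16:58:02.3000000","ExampleSvc.exe","4120","CreateFile","C:\Services\Example\logs\service.log","ACCESS DENIED","Desired Access: Generic Write, Read Attributes"
"16:58:02.3000500","ExampleSvc.exe","4120","CreateFile","C:\Services\Example\logs\service.log","ACCESS DENIED","Desired Access: Generic Write, Read Attributes"
"16:58:02.4000000","ExampleSvc.exe","4120","RegOpenKey","HKLM\SOFTWARE\Example","ACCESS DENIED","Desired Access: Read"
'''

def load(csv_text):
    """Parse a Process Monitor CSV export into a list of row dicts."""
    # The export starts with a UTF-8 BOM; strip it so the first column
    # is named "Time of Day" rather than "\ufeffTime of Day".
    return list(csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff"))))

def result_counts(rows):
    """Count events per Result value, to show how much of the trace is noise."""
    return Counter(r["Result"] for r in rows)

def denied(rows, process=None):
    """Group ACCESS DENIED events by (process, operation, path)."""
    hits = {}
    for r in rows:
        if r["Result"].upper() != "ACCESS DENIED":
            continue
        if process and r["Process Name"].lower() != process.lower():
            continue
        key = (r["Process Name"], r["Operation"], r["Path"])
        entry = hits.setdefault(key, {"count": 0, "detail": r["Detail"]})
        entry["count"] += 1
    return hits

if __name__ == "__main__":
    rows = load(SAMPLE_CSV)
    print(dict(result_counts(rows)))
    for (proc, op, path), info in denied(rows).items():
        print(f'{info["count"]}x {proc} {op} {path} [{info["detail"]}]')
```

The `Detail` column of each denied row carries the access that was requested, which is what to compare against the ACL on the object.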

2 Answers

0

This is really frustrating: several days after diagnosing and attempting to resolve the issue with the above steps in the comments, the issue has disappeared. This is a standalone server, no updates have taken effect, and nobody else has had access. My only conclusion is that this is cache or time related. I don't even know if that makes sense, but starting/stopping the service now works as expected.

fungus1487
0

Has anything changed with the location of the source files? This sounds something like a Two Hop problem, which will give you an "Access Denied" error message but everything is set up to allow access. I assume that this user is in Active Directory.

TechGuyTJ
  • Source files are exactly the same, no location change. It is a single server, so the user it is running as is created locally. – fungus1487 Dec 23 '14 at 16:25