
I have this code, which establishes an SSL-encrypted stream to a server over TCP:

```csharp
var client = new TcpClient(host, port);

var stream = new SslStream(client.GetStream(), false, ValidateServerCertificate);

var clientCertificates = new X509CertificateCollection {clientCertificate};

stream.AuthenticateAsClient(host, clientCertificates, sslProtocols, false);

var isAuthenticated = stream.IsAuthenticated; //This is true in both Console and Windows Service

var lenghtBytes = new byte[4];

int read = 0;

while (read < 4)
{
    read = read + stream.Read(lenghtBytes, read, 4 - read);
}
```

This works perfectly fine when running as a regular Console app as the Administrator user.

However, the same code keeps looping in the while loop meant for reading the first 4 bytes of the stream when the app is registered and run as a Windows Service (in Session 0), as the Local System user.

While debugging as the Console app, the while loop receives all 4 bytes on the first iteration and exits right after the first turn; however, when run as a Windows Service, the stream doesn't receive any bytes (read is always 0) and just keeps looping forever.

The code is running on a Windows Server 2012 R2 machine with the latest updates installed, on .NET Framework v4.6.2.

Any hint is highly appreciated.

Rojan Gh.

1 Answer


When you run as Local System, the SSL handshake can run into errors based on root certificate availability, proxy settings, etc., as these are user-specific on Windows. It will be difficult to understand where the problem is without debugging the issue.

You can run any process under Local System using the Sysinternals utility PsExec. The command you have to use is `psexec -s <programpath>`

```
C:\windows\system32>psexec -s cmd.exe

PsExec v2.2 - Execute processes remotely
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals - www.sysinternals.com


Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\windows\system32>whoami
nt authority\system
```

Once you have run your tool under Local System, you can debug it to find out what is happening. If that does not help, you can also capture a system.net trace: this or this

Hope it helps!

Rohith
  • If I understand it correctly, the handshake and tcp communications are working fine as I have `stream.IsAuthenticated == true` after `stream.AuthenticateAsClient()`. Also I am already debugging the code when running as a Service by attaching to the service and stopping on breakpoints. Does `psexec` do anything special which I am missing in my debugging scenario? – Rojan Gh. Jul 06 '17 at 07:03
  • No, it does not; it runs under the Local System account. So you can reproduce the issue and debug. Are you able to reproduce the issue when running under Local System? A System.net trace will give you the raw data details coming on the socket. Otherwise you may have to capture a [wireshark](https://www.howtogeek.com/104278/how-to-use-wireshark-to-capture-filter-and-inspect-packets/) trace – Rohith Jul 06 '17 at 07:38
  • I will give Wireshark a try and will compare the data. :) Thanks for pointing that out. – Rojan Gh. Jul 06 '17 at 12:11
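
An added example, not code from either poster: `Stream.Read` returns 0 only when the stream has ended, so a length-prefix read loop like the one in the question should treat 0 as "peer closed the connection" and fail instead of spinning. The names `StreamExtensions` and `ReadExact` are hypothetical, and constructed in-memory streams stand in for the `SslStream`.

```csharp
using System;
using System.IO;

static class StreamExtensions
{
    // Hypothetical helper: reads exactly `count` bytes or throws.
    // Stream.Read returns 0 only at end of stream (the peer closed the
    // connection), so a 0 must terminate the loop rather than be added up.
    public static byte[] ReadExact(this Stream stream, int count)
    {
        var buffer = new byte[count];
        int total = 0;
        while (total < count)
        {
            int n = stream.Read(buffer, total, count - total);
            if (n == 0)
                throw new EndOfStreamException(
                    $"Stream ended after {total} of {count} bytes.");
            total += n;
        }
        return buffer;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample input: a stream that delivers the full prefix.
        var complete = new MemoryStream(new byte[] { 0, 0, 0, 42, 1, 2 });
        Console.WriteLine(BitConverter.ToString(complete.ReadExact(4)));

        // Constructed sample input: a stream that ends before 4 bytes arrive,
        // which is what "read is always 0" looks like to the caller.
        var truncated = new MemoryStream(new byte[] { 0, 0 });
        try
        {
            truncated.ReadExact(4);
        }
        catch (EndOfStreamException ex)
        {
            Console.WriteLine("Peer closed early: " + ex.Message);
        }
    }
}
```

On a real `SslStream`, setting `stream.ReadTimeout` before the loop additionally turns a silent peer into an `IOException` rather than an indefinitely blocked `Read`.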