Windows Service vs Windows desktop app RRS feed

  • Question

  • Hello Community!

    I need to implement a service (win or web). It should deal with IBM Lotus database using NotesSQL ODBC driver. I've started with a small windows app to check how it works. After a half an hour I had working desktop app. It can connect to database using the correct connection string, query data etc. It can do everything I need.
    Then, I've started to port that working code into win service and faced the problem. Even if I'm running my service using MY administrative account it has insufficient rights/permissions to run correctly. I'm receiving OdbcException. It indicates that the driver itself cannot establish connection with remote Lotus DB server, which is located in our local network. It's not a DNS resolve problem. I've tried to run it from Network Service account, LocalSystem, my own (full admin rights) without success. My code and ODBC parameters are 100% the same as in my desktop application. The only difference is the type of projects: windows desktop app and windows service. I need to run that code as windows service only.

    I've read following article about windows services
    It has a statement that:
    "Windows service applications run in their own security context..."

    What is that own security context? What is the difference between windows service security context and desktop application security context?

    Can I set somehow security environment for my service exact the same as the desktop application has by default?

    Is there a way to run my windows service with such rights that enough for my needs?

    Operating system is Windows 2003 server Enterprice SP2, .NET Framework 2.0

    Any help is greatly appreciated,


    Tuesday, May 20, 2008 10:47 AM

All replies

  • Running the service using an account other than LocalSystem or NetworkService ought to get the job done.  Beware that drive mappings are not valid in a service, you'll have to use UNC names.  If that doesn't resolve it, you'll need to contact IBM for support.
    Tuesday, May 20, 2008 1:24 PM
  • Thanks a lot for reply.

    Actually, I don't use any names, which can require full UNC naming. Maybe driver use, who knows..

    To say the truth, it's absolutely ODBC driver issue. I've contacted IBM support for that, but I don't believe they'll fix it quickly. I need this part to be done asap.

    I'm writing on this forum because the driver works within my desktop application and I'm looking for all differences between desktop applications and windows services. I'm wondering if some named pipes and/or IPC permission difference can be a cause of the issue? Could you please recommend something for me to verify that?

    I've tried to use srvany and instsrv tools from Windows Server
    2003 Resource Kit Tools package. It launched my application as a service at startup.. and sure, It failed the same way as my written service.

    The very last way for me is use desktop application as a remoting host to interact remotely with the entire system. It's very bad way. I wish I had a service for such purposes. For this case I'd like to ask how should I start such desktop app before or even without user logon?

    Wednesday, May 21, 2008 8:04 AM
  • That's not possible.
    Wednesday, May 21, 2008 10:38 AM
  • Technically speaking it is possible but not recommended, it involves a lot of work and won't solve the problems you are having in that the environment and security context still wouldn't be set up correctly for your application.


    As nobugz said before try running the service under different credentials and ensure that you have permissions to do what you want to do. Anything that occurs you for as part of logging in (such as mapping drives etc.) will have to be replicated by you in code.


    I have successfully had a windows service talking to a remote Oracle box so this is definitely something that is possible. I'm not sure what differences we might have though - but have faith, it is possible!


    Wednesday, May 21, 2008 12:00 PM
  • LazyGenius, thanks a lot for reply.

    I know that it is a bad way. I don't like such solutions, but in this situation I'm afraid I have no choice.

    I tried to run my service with full rights account (the account of domain admin), but driver still fails. It's IBM work to make it working but that requires to much time for me. Thus, I'm trying to make the security context closer to the context of a desktop application to make it work.. because it works good within desktop application.

    I'm not dealing with drivers, paths etc. Here's what my Service.OnStart do:

    OdbcConnectionStringBuilder sb = new OdbcConnectionStringBuilder();
    sb.Driver = "Lotus NotesSQL Driver (*.nsf)";
    sb.Add("Server", "");
    sb.Add("Database", "MyDataBase.nsf");
    sb.Add("UID", "lotusUser/LotusDomain");
    sb.Add("PWD", "lotusPassword");

    OdbcConnection connection = new OdbcConnection(sb.ConnectionString);
    StringBuilder outPut = new StringBuilder();
    outPut.AppendLine("Connection string:");
        outPut.AppendLine("Connection Successfull!");
    catch (Exception ex)
        outPut.AppendLine("Connection Failed!");
        if (connection != null) connection.Close();

    The same code with the same Lotus parameters works within desktop application. In the scope of service connection.Open() throws OdbcException with Lotus error, which is not described in any documents or manuals. Google does not have any references to this error. After a small testing I've got that the same error appears if I'm setting incorrect server name/server IP in the working application. I've tried to open manually socket connection to that server from this service, resolve DNS names etc and both of this operations worked fine. Is there any ideas what additional checks can I try to find out something?

    I wish I had working service with working Lotus code. At this time I've implemented the same engine within the desktop application and supplied it with a remoting server. All clients of this service works fine now.

    I've inspected features of windows task scheduling. Among all startup options there is "Launch at user logon" and "Launch at system startup". I'm waiting for next server restart to verify hot it works. But still... the application would be started from a service "Task Scheduler".. so, my application can be started from the service context and should fail again.

    Is there any ideas about making *service* working or about starting desktop application before logon?

    Thursday, May 22, 2008 8:36 AM