System error 5 Access is denied when starting a .NET service

Question

When I try to start a service I created in Visual Studio I receive the following error:

System error 5 has occurred.

Access is denied.

I am running the command line with elevated privileges, so it's not that problem. Is there any place I can look to see what error is occuring.

score 50 · Accepted Answer · answered Feb 22 '09 at 05:58

50

To get it to work I needed to add permissions to the output bin\debug folder for my service project.

The Local Service account didn't have permissions to the output .exe file, and this was why the error was occuring.

answered Feb 22 '09 at 05:58

Daniel O

2,802
3
26
35

1

Silly thing really. I simply ran the install from the debug folder which I thought would place the actual executable in the proper directory. The permissions did the trick. – Jeff.Crossett Apr 21 '09 at 12:39
Worked for me too - thanks. I just wanted to try it out and installing from a Debug folder was the lazy option :-) – rohancragg Oct 25 '09 at 12:54
1

It's a good thing that you posted this answer when you found the solution yourself. I had the same problem and it helped me. Thanks :-D – Dariusz Walczak Aug 11 '10 at 11:37
7

Possible you could elaborate on the steps required to fix this? – JonE Oct 21 '12 at 17:19
3

Good day can anyone please elaborate this. What do you mean by add permission to the bin/debug. Thanks. – user2530748 Aug 14 '13 at 05:53
Steps required are outlined here: http://stackoverflow.com/questions/11978054/cannot-start-windows-service-in-networkservice-account/11983513#11983513 – Liam Laverty Aug 14 '14 at 08:26

score 17 · Answer 2 · answered Sep 16 '13 at 10:55

17

Had the same issue.

Fixed by running the service under "Local System Account"

enter image description here

answered Sep 16 '13 at 10:55

Alexander G

1,829
3
20
30

score 13 · Answer 3 · edited Mar 09 '16 at 14:09

13

In my case the solution was even that simple: Run Command Prompt as administrator.

edited Mar 09 '16 at 14:09

johnnyRose

6,243
16
40
58

answered Sep 03 '12 at 11:24

hfrmobile

913
12
15

1

But when you try to schedule your service through task schedule, this solution will not work. – Farrukh Sarmad Oct 01 '18 at 13:28

score 10 · Answer 4 · answered Feb 22 '09 at 09:23

10

I see you've fixed the problem; but in reality, you shouldn't normally be running the service from a project's bin folder anyway - the files should be put somewhere project and profile independent (for example, under program files). For debugging purposes (when it will be in the bin folder), you can detect whether it is a service in Main(), and if it is being run interactively just run the service code directly, rather than the usual service-start setup.

You can detect either by adding a command line argument, or you can try checking Environment.UserInteractive.

answered Feb 22 '09 at 09:23

Marc Gravell

927,783
236
2,422
2,784

Yea, in my scenario is was in DEV, and a post-build event deploys and starts the service for me, ready for me to attach to it. – Daniel O Feb 23 '09 at 00:45
1

This is true, but it's also important to debug the service running as the Local Service user, otherwise you might run into unexpected permissions issues when running in production. – davidtbernal Mar 15 '11 at 17:05
Marc's suggestion is the proper way to do it :) If you just want to get past the error, then see the accepted answer – Daniel O Sep 13 '11 at 14:42

score 2 · Answer 5 · answered Dec 27 '14 at 18:59

The Local Services account doesn't seem to be privileged to control a service. So, in the service's LogOn Property, change the account type to Local System and allow service to interact with desktop.

Also, make sure that, you install the service using instalutil, as an administrator.

Lastly, when you want to run a service from the command prompt using the "net start [service name]" command, you have to run the command prompt as an administrator.

score 1 · Answer 6 · answered Jan 28 '10 at 07:07

I had the same problem because my project and its source code was in a folder that had NTFS's Encrypting File System (EFS) enabled. This caused by compiled assemblies being encrypted aswell and the user running my service didn't have permissions to decrypt them. Removing EFS was the easy solution for this. It can be done by command line using CIPHER.EXE, which is a Windows tool.

score 0 · Answer 7 · answered Oct 16 '13 at 06:32

I had the same problem when I migrated a service from vs05 to vs2010, from framework 2.0 till framework 4.0 at the same time. I got Access denied. As soon as a change back to framework 2.0 it worked again. The ?%¤#%&%& problem was that the initializing string for the service was incorrect (?!). The string expected quotes at the beginning and at the end!

Before....path + service name" "/parameter=1 ' this had worked with framework 2.0

After...."path + service name" "/parameter=1"

Access Denied has nothing to do with the problem. Why not "Path not found " or "missing parameter"

score 0 · Answer 8 · edited Mar 09 '16 at 14:08

0

Run it from Task Scheduler with highest privileges and it will work.

edited Mar 09 '16 at 14:08

johnnyRose

6,243
16
40
58

answered Mar 04 '16 at 18:05

Matt Averill

1

score 0 · Answer 9 · answered Mar 07 '16 at 16:42

A user account with administrator rights will prompt “are you sure?” in situations where the administrator account is not prompted. I had this problem with net stop netprofm.

To remove the prompt do this.

Control Panel, User Accounts, Change User Account Control settings, never notify

This seems to provide the user account with admin rights the same behavior as a the administrator account.

score 0 · Answer 10 · answered Apr 23 '17 at 22:33

0

Just ran into this issue after I had run an 'sc config' to change binPath of the service.

The only fix that worked for me was to 'sc delete' the service and install again.

Things worked perfectly after that.

answered Apr 23 '17 at 22:33

Norman Bentley

600
4
18

score 0 · Answer 11 · answered Dec 07 '20 at 09:06

Do not simply start the service under a different username or admin. (Unless your service actually requires admin privileges of course!) This is a security hole and creates a bad user experience.

The actual issue is that the service hasn't been assigned any permissions in the first place.

However, it must be noted that Microsoft didn't exactly make them easy to change - service permissions are similar to regular file permissions but unfortunately cannot be altered with a simple right click. They can however be read via:

sc.exe sdshow <service name>

And written via:

sc.exe sdset <service name> <permissions>

<service name> is your service name.
<permissions> is the permissions in SDDL format.

So use sdshow to get the permissions, then sdset to update them with your requirement(s). SDDL a cacophony of seemingly random letters beyond the scope of this post and more reminiscent of Unix than Windows. In short instance adding the descriptor (A;;RPWP;;;WD) would allow (A) everyone (WD) to start (RP) and stop (WP) the named service.

System error 5 Access is denied when starting a .NET service

11 Answers11

Linked

Related