WCF ServiceHost basicHttpBinding 503 error

2019-02-23 17:28发布

问题:

I'm trying to run a WCF ServiceHost as an NT Service on a Windows 2007 SP1 Server. The ServiceHost is reponsible for hosting a single service endpoint: a basicHttpBinding with the following address:

http://localhost:5555/ToBlah

When I run this ServiceHost on my local machine (Windows XP), it works fine - when I POST a SOAP message to it, I get back an HTTP 202 code ("Accepted"), which is the correct response for my service because the contract has IsOneWay=true. However, when I run this on my 2007 server, I get 503 errors when I try to call the service. I have the WCF message logging turned "all the way up," but I'm not seeing any logging whatsoever, which leads me to believe that this is happening at a lower level than WCF (the call never gets to the WCF "layer").

The sys-admins and I have tried various forms of httpcfg commands, but no luck so far.

I know trying to host this in IIS might be a possible solution, but our production app server does not have IIS installed, so I would like to just run the service as a ServiceHost.

Any ideas would be greatly appreciated!

回答1:

It seems to me that either a firewall on the server or another configuration setting is blocking the port.

If not, then your service may be experiencing an error during the creation of the ServiceHost object instance or during the creation of the service endpoint, and the error is for some reason not trapped(?). You could write some simple internal test loop within the service code to verify that the service endpoint was created correctly. That might reveal something interesting.

Additionally, running a client from that server and connecting to your service that is running on the development machine might tell you something more? You could use WCFTestClient.exe, as referenced here: Is it possible to make the WcfTestClient work for custom transport channels?. That might give you additional information. However, you will need to support MetadataExchange (Mex) in your service in order to use that test client.

Alternatively, you could use the WCF samples from the Visual Studio 2008 Samples folder, combined with WCFTestClient.exe to test some services that are self-hosted and are expected to work correctly, first within the server and then from outside of the server.



回答2:

Well, I still can't get it to work on the Vista servers - it's still giving 503 errors, but I ended up getting it setup on a Windows 2003 server, and it seems to be working now.

One thing I did learn in this process was the use of HttpCfg.exe to allow a user to open a non-standard HTTP port.

Basically I had to run something like the following command:

httpcfg.exe set urlacl /u http://+:5555/ /a "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)"

You can then view the URL ACL settings with this command:

httpcfg.exe query urlacl

On Vista, you can run the same types of commands using netsh (see link below).

Sadly, this took awhile to figure out, but it was a good learning experience.

Here are some links that I thought were useful in figuring this out:

  • http://www.leastprivilege.com/HttpCfgACLHelper.aspx
    • This explians how to get the SID for your user account (for the /a part of the command. Coincidentally, this is easier on Vista - you can just specify the domain\user in the netsh http set urlacl command
  • http://technet.microsoft.com/en-us/library/cc781601.aspx
    • This explains the syntax/options of the HttpCfg.exe command
  • http://msdn.microsoft.com/en-us/library/ms733768.aspx
    • This really explains everything you need to know for HttpCfg/netsh http
  • http://blogs.msdn.com/drnick/archive/2006/04/14/configuring-http.aspx
    • Similar info to the msdn link above, but provides more explanation, and more relation to WCF
  • http://dotnet.dzone.com/news/msmq-wcf-and-iis-getting-them-
    • Another description of WCF and HTTP (and MSMQ), with a focus on IIS


回答3:

What identity is configured for the NT service? To isolate the problem, try using a local-admin account to see if this problem is permission related.



回答4:

If you are using Windows Vista or Windows 7 you have to use "netsh", which is easier to use as well.

  • Local user account:

    netsh http add urlacl url=http://+:8001/ user=ComputerName\Username

  • Domain user account:

    netsh http add urlacl url=http://+:8001/ user=DomainName\Username

  • Built-in NetworkService account:

    netsh http add urlacl url=http://+:8001/ user="NT AUTHORITY\NETWORK SERVICE"