.NET windows service fails to start when digitally signed


on 25.01.2008 11:06:00 by Ralf

Situation: .NET windows service

All works fine until we digitally signed the service exe. After that
starting the service often fails (A timeout was reached (30000 milliseconds)
while waiting for the ... service to connect.). I can reproduce this
behaviour with XP x64.

Looks like Windows tries to verify the signature and this takes too much
time. When I disconnect the computer from the internet, the service starts.

I am not the only one having this problem:

http://www.codeprof.com/dev-archive/209/12-44-2099945.shtm

http://www.msnewsgroups.net/group/microsoft.public.dotnet.languages.csharp/topic2033.aspx

Any solutions?

Thanks for your help
Ralf

RE: .NET windows service fails to start when digitally signed

on 25.01.2008 21:05:00 by PRSoCo

Does the system user have access to the Internet?

--
Browse http://connect.microsoft.com/VisualStudio/feedback/ and vote.
http://www.peterRitchie.com/blog/
Microsoft MVP, Visual Developer - Visual C#



RE: .NET windows service fails to start when digitally signed

on 28.01.2008 08:21:12 by stcheng

Hi Ralf,

Regarding the issue you encountered, it is caused by the CLR's
certification revocation list verification for digitally signed assemblies.

The CLR is taking a long time to verify the digital signature of the service
executable. If the machine doesn't have an internet connection, we can
probably disable CRL revocation checking. Otherwise, it will time out only
after 60 seconds. But this activity has to be approached from an
Administrator perspective and NOT programmatically. There is no per-process
or application setting. I know how to do it for the current user using a .NET
Framework SDK tool called setreg, as below (you can execute it in the VS
2005 .NET command-line prompt):

setreg.exe 3 FALSE

for disabling CRL revocation checking.

This tool changes the registry settings for the current user account (under
HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State).
The registry key location is not documented.

Another means you may try is to download the signature file manually and
install them in the system. This again should be done by a system
Administrator.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notifications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx .

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.

Re: .NET windows service fails to start when digitally signed

on 28.01.2008 10:39:28 by Ralf

Hi Steven,

thanks for your help.

>I know how to do it for the current user using .NET
> Framework SDK tool called setreg as below.(you can execute it in the VS
> 2005 .net commandline prompt):
>
> setreg.exe 3 FALSE
Does that work if the service is running in local system context?

> This tool changes the registry settings for the current user account
> (under
> HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust
> Providers\Software Publishing\State). The registry key location is not
> documented.
I am not really happy with that. Sounds like building a security hole in
the system.

>This is again should be done by system Administrator.
That's a problem. We are selling standard software and our customers expect
that they can install and run the software without error messages and
without the need to reconfigure their system.

Thanks
Ralf



Re: .NET windows service fails to start when digitally signed

on 29.01.2008 11:43:26 by Ralf

Hi Steven,

I tried your suggestions:

>> setreg.exe 3 FALSE
Does not work. I assume the reason is that this is a current user setting
but the service is running as local system.

>Another means you may try is to download the signature file manually and
> install them in the system.
Does not work either. I tried different locations in the system certification
store (e.g. "trusted publishers" and "personal").

Another idea?

There must be a solution. We cannot be the only company using .NET services
and signing them, are we?

Best regards
Ralf
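
Ralf's point above, that setreg.exe changes only the current user's hive while the service runs as Local System, can be checked per account. The PowerShell below is an added example, not code from the thread: it reads the State value named in the thread for every hive loaded under HKEY_USERS and tests the WTPF_IGNOREREVOKATION bit (0x200 in wintrust.h). The function names are hypothetical.

```powershell
# Added example, not from the thread. Function names are hypothetical.
# Run from an elevated prompt: without rights to read another account's hive
# the value is reported as "(not set)".

# Policy flag from wintrust.h; when it is set in "State", revocation
# checking is skipped for that account.
$WTPF_IGNOREREVOKATION = 0x00000200

# Key quoted in the thread; the DWORD value under it is named "State".
$SubKey = 'Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing'

function Test-RevocationIgnored {
    param([Parameter(Mandatory = $true)][int64]$State)
    return (($State -band $WTPF_IGNOREREVOKATION) -ne 0)
}

function Resolve-SidName {
    param([Parameter(Mandatory = $true)][string]$Sid)
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        return $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        return '(unresolved)'
    }
}

function Get-WinTrustRevocationReport {
    # HKEY_USERS has one subkey per loaded profile. S-1-5-18 is Local System,
    # S-1-5-19 and S-1-5-20 are Local Service and Network Service, and
    # S-1-5-21-... are interactive or domain accounts. A hive is listed only
    # while its profile is loaded.
    Get-ChildItem -Path 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-5-(18|19|20|21-[\d-]+)$' } |
        ForEach-Object {
            $sid  = $_.PSChildName
            $prop = Get-ItemProperty -Path "Registry::HKEY_USERS\$sid\$SubKey" `
                                     -Name State -ErrorAction SilentlyContinue
            if ($null -eq $prop) {
                # No per-user value: this account was never changed by setreg.
                $stateHex = '(not set)'
                $ignored  = $false
            } else {
                $state    = [int64]$prop.State
                $stateHex = '0x{0:X}' -f $state
                $ignored  = Test-RevocationIgnored -State $state
            }
            [pscustomobject]@{
                Sid               = $sid
                Account           = Resolve-SidName -Sid $sid
                State             = $stateHex
                RevocationIgnored = $ignored
            }
        }
}

Get-WinTrustRevocationReport | Format-Table -AutoSize
```

A row with RevocationIgnored set to True for an interactive account and False for S-1-5-18 matches what Ralf describes: the change landed in the user's hive and the service account still performs the revocation check.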



Re: .NET windows service fails to start when digitally signed

on 30.01.2008 04:58:33 by stcheng

Thanks for your reply Ralf,

Sure, there are others who have encountered the same problem. And the
suggestions I provided in my previous message just refer to some of the
solutions. I am not sure of the exact reason why it does not work on your
side. As you mentioned the "Local System" case, have you tried applying it to
a service not running in the local system context to see whether it works?

I'll do some further research to see whether there are any other settings we
can use. I'll let you know if I get any update on this.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



Re: .NET windows service fails to start when digitally signed

on 30.01.2008 12:33:16 by Ralf

Hi Steven,

I found out that Microsoft has the same problem with Exchange 2007:
"Exchange 2007 managed code services do not start after you install an
update rollup for Exchange 2007"
http://support.microsoft.com/kb/944752/en-us

The article describes a workaround that works: set the timeout for the SCM to
60000ms (HKLM\SYSTEM\CurrentControlSet\ServicesPipeTimeout).

I also tried a different approach: using the .NET Framework 3.5 and inserting
the following section in the appconfig seems to work too, without changing
system timeout values:






So I decided to use the .NET-Framework 3.5......and got into the next
trouble.
I can't install the .NET-Framework on several XP machines. The setup shows
an error message (setup encountered a problem) and quits. Grrrrrrrrr. Is
there a working setup for the .NET-Framework 3.5 available?

Regards
Ralf



Re: .NET windows service fails to start when digitally signed

on 31.01.2008 02:54:10 by stcheng

Hi Ralf,

Glad that you've found a workaround. As for .NET 3.5, you can download it
from the following site:

http://www.microsoft.com/downloads/details.aspx?familyid=333325FD-AE52-4E35-B531-508D977D32A6&displaylang=en

Also, since .NET 3.5 adds incremental features based on .NET 2.0 and 3.0, I
suggest you install all of them in order.

http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1560746&SiteID=1

Make sure that you don't have any previously installed beta components of VS
2008 (Orcas). For potential install problems, here are some existing
articles that describe some of the problems:

http://blogs.msdn.com/astebner/archive/2007/11/01/5826719.aspx

http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1560746&SiteID=1

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

