views:

154

answers:

2

I've developed a .NET based Windows service that uses part managed (C#) and unmanaged code (C/C++ libraries).

In some domain environments (e.g. Win 2k3 32bit server inside domain abc.com) sometimes the service takes more than 30 seconds to start (especially on OS restart), thus failing to start the service. I suspect that it has something to do with enterprise level security but I do not know for sure.

http://msdn.microsoft.com/en-us/library/aa720255%28VS.71%29.aspx

I've tried the following without success: - delay loading references by moving the using directives as far as possible from the servicebase implementation (especially the xml namespace - know to cause delays in loading) - delay loading and configuring log4net - precompiling the code by using ngen - delaying the start of the worker thread - add/remove manifest + decencies set inside - sign/unsign the binaries - use the configuration settings (there are a lot of settings and the scope level for all is set to application ) as later as possible - add all dependencies to GAC

I didn't tried yet to add security demands for the class that has the Main method implemented. I didn't tries to implement my own configuration loader because after inspecting the autogenerated code, I've noticed that the setting class is a singletone and it gets its instance on call.

By completely removing the log4net dependency it worked, but this is not an option.

When the network card is disabled the service starts immediately.

Any suggestions/comments/solution you have would be most welcomed.

+1  A: 

You'd normally use SysInternals' Process Monitor to diagnose this problem. The fact that this is a service complicates matters. Check this blog post for a similar troubleshooting session.

It quacks like a CRL (Certification Revocation List) problem btw. To disable it: Control Panel, Internet Options, Advanced tab, Security, untick "Check for publisher's certificate revocation".

Hans Passant
I've implemented in such way as to make it work as a simple console application and used WinDbg. After looking at the windbg output I've noticed that one of the dependencies - a C++ library is loaded after the application starts, and the configuration and xml namespace do get loaded and it takes 59 seconds to load the next ones - culture..ModLoad: MyDependencyDll.dll.C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll(d18.afc): CLR exception - code e0434f4d (first chance).C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll
ltorje
Well, use Process Monitor.
Hans Passant
Thank you nobugz
ltorje
After looking with procxp I've found an interested thread that uses WinHTTP - QueryDNS and another one waiting for the first one cryptography related. Note: all my binaries are digitally signed with a valid VeriSign certificate. After I've removed the DNS entry from the network connection the service worked like a charm (same if the binaries were not signed). I presume that it tries to check if the certificate is valid and even try to resolve the name from the certificate, which it can't (no internet connection). How could I prevent it from doing that?
ltorje
@ltorje - yup, now it really yells CRL. I updated my answer to show how to turn it off.
Hans Passant
I've forgot to mention that I've did made the steps from http://weblogs.sqlteam.com/tarad/archive/2006/10/05/13676.aspx but without any success- disable CRLI've even tried to add the certificate to the trusted publishers.Note: the certificate used to sign the code is based on a VeriSign Class 3 Code Signing 2009-2 CAhttp://www.amug.org/~glguerin/opinion/revocation.html
ltorje
Setting crl.microsoft.com to 127.0.0.1 in hosts does not do the trick either
ltorje
fix from Microsoft http://support.microsoft.com/default.aspx/kb/936707
ltorje
A: 

We discovered that using a log4net UDP appender with a name resolution (even to 12.0.0.1) was causing a massive slow down in start up.

Preet Sangha