When I sign the assemblies in my service with the Verisign signtool.exe, it fails to start when the machine starts, on a machine running Windows 2003 Server. The event log has two events:

"Timeout (30000 milliseconds) waiting for the xxx Service service to connect." and "The xxx Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion."

It starts fine once the machine is running. It starts fine in XP and Vista. It starts fine when the assemblies are unsigned.

+2  A: 

Authenticode signing your assemblies can have a very negative effect on cold startup. See this KB article for details.

http://support.microsoft.com/default.aspx/kb/936707

Although installing a patch where MS says it is not tested doesn't sound very appealing on a production system...
0xA3
+1  A: 

As spacedog said, Authenticode can have a bad impact on startup time. So the question is what are you signing? It should be sufficient to Authenticode sign only your service executable which in turn must only reference strong named assemblies. Thus the overhead of verifying the Authenticode signature.

You could install your assemblies to the GAC - if possible - this will slightly boost startup performance because the strong name validation is skipped (see Authenticode and Assemblies) and / or you could also ngen your assemblies if startup time still is an issue.

From the answer to Windows service startup timeout by Romulo A. Ceccon:

It's good practice to finish starting your service as fast as possible. So, during the start state, do only what you absolutely need to acknowledge it started successfully; and do the rest later. If the start is still a lengthy process, use SetServiceStatus periodically to inform the Service Control Manager that you have not yet finished, so it does not time-out your service.

In addition to SetServiceStatus you could also try to tell the Service Control Manager (SCM) that the service needs additional time to start up by calling ServiceBase.RequestAdditionalTime.

0xA3
This answer seems to conflate Authenticode signatures with strong name signatures?
Dave
Nope. In what way?
0xA3
(continued) When using Authenticode it is sufficient that the referenced assemblies are strong-name signed. I was trying to find a reference, unfortunately I only found this post: http://social.msdn.microsoft.com/Forums/en-US/winformssetup/thread/493aca7f-b5ea-4462-a15f-affe874bfe44/
0xA3
A: 

This problem is very common for signed .NET service executables: the service will fail to start at boot time, but run fine when started manually afterwards. Whether ServiceBase.RequestAdditionalTime is used is irrelevant: in fact, no user code is executed at all prior to the service start request timing out. This effect is even more pronounced on machines without Internet connectivity: in that case, even manually starting the service from the SCM will fail.

To resolve this issue, disable the verification of the Authenticode signature at load time in order to create Publisher evidence, by adding the following elements to your .exe.config file:

<configuration>
    <runtime>
        <generatePublisherEvidence enabled="false"/>
    </runtime>
</configuration>

Publisher evidence is a little-used Code Access Security (CAS) feature: only if your service relies on the PublisherMembershipCondition will disabling it cause issues. In all other cases, it will make the permanent or intermittent startup failures go away, by no longer requiring the runtime to do expensive certificate checks (including revocation list lookups).

Edit, July 2010: For applications using version 4.0 of the .NET Framework, this workaround is no longer required.

mdb
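
As an added example (not code from the answers above or from Microsoft), this Python script audits a service's .exe.config for the generatePublisherEvidence setting described in the last answer and applies it idempotently, keeping existing elements and comments. The function names and sample configs are constructed for illustration, and it assumes the config file declares no default XML namespace.

```python
import xml.etree.ElementTree as ET

ELEMENT = "generatePublisherEvidence"

def _parse(config_xml):
    # insert_comments keeps existing XML comments when the file is rewritten (Python 3.8+).
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(config_xml, parser=parser)  # raises ET.ParseError if malformed
    if root.tag != "configuration":
        raise ValueError("root element must be <configuration>")
    return root

def evidence_state(config_xml):
    """Return 'disabled', 'enabled' or 'missing' for one .exe.config document."""
    node = _parse(config_xml).find("runtime/" + ELEMENT)
    if node is None:
        return "missing"  # element absent: the workaround is not in place
    return "disabled" if node.get("enabled", "").strip().lower() == "false" else "enabled"

def disable_evidence(config_xml):
    """Return the config text with <generatePublisherEvidence enabled="false"/> set."""
    root = _parse(config_xml)
    runtime = root.find("runtime")
    if runtime is None:
        # Appended last, so a leading <configSections> stays the first child.
        runtime = ET.SubElement(root, "runtime")
    node = runtime.find(ELEMENT)
    if node is None:
        node = ET.SubElement(runtime, ELEMENT)
    node.set("enabled", "false")
    return ET.tostring(root, encoding="unicode")

# Constructed sample configs (not from the original post).
NO_RUNTIME = """<configuration>
  <!-- keep -->
  <appSettings><add key="Mode" value="prod"/></appSettings>
</configuration>"""
EXPLICITLY_ENABLED = """<configuration>
  <runtime>
    <gcServer enabled="true"/>
    <generatePublisherEvidence enabled="true"/>
  </runtime>
</configuration>"""

if __name__ == "__main__":
    for name, text in (("NO_RUNTIME", NO_RUNTIME), ("EXPLICITLY_ENABLED", EXPLICITLY_ENABLED)):
        print(name, evidence_state(text), "->", evidence_state(disable_evidence(text)))
```

The setting only changes whether the runtime builds Publisher evidence at load time; the executable's Authenticode signature is not modified by it.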