WAC NT Authority\Network Service won't open port

%3CLINGO-SUB%20id%3D%22lingo-sub-2637644%22%20slang%3D%22en-US%22%3EWAC%20NT%20Authority%5CNetwork%20Service%20won't%20open%20port%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2637644%22%20slang%3D%22en-US%22%3E%3CP%3EAt%20some%20point%2C%20either%20a%20windows%20update%20or%20WAC%20update%20seems%20to%20have%20caused%20our%20WAC%20to%20not%20open%20443%20when%20running%20as%20the%20default%20Network%20Service%20account.%26nbsp%3B%20If%20I%20change%20the%20service%20account%20to%20my%20administrative%20user%20account%2C%20it%20runs%20fine%20%2F%20launches%20fine.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20launched%20proc%20mon%20and%20did%20find%20that%20it%20randomly%20was%20denying%20that%20account%20access%20to%20a%20few%20spots%20under%20HKEY_LOCAL_MACHINE%5CSOFTWARE%5CMicrosoft%5CSystemCertificates%20in%20the%20registry%2C%20so%20I%20added%20those%20permissions%20-%20but%20it%20didn't%20resolve%20the%20issue.%20No%20other%20'access%20is%20denied'%20events%20occur%20in%20a%20proc%20mon%20when%20starting%20the%20service%3B%20the%20service%20'starts'%20and%20doesn't%20end%2Fstop%2Ffail%2C%20it%20just%20doesn't%20open%20the%20port%20%2F%20the%20site%20is%20unavailable%20locally%20and%20via%20the%20network.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20can't%20find%20any%20log%20files%20to%20help%20troubleshoot%2C%20and%20would%20rather%20not%20use%20a%20service%20account%20as%20-%20i%20believe%20-%20updates%20will%20re-set%20the%20service%20to%20run%20on%20Network%20Service%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

At some point, either a windows update or WAC update seems to have caused our WAC to not open 443 when running as the default Network Service account.  If I change the service account to my administrative user account, it runs fine / launches fine.

 

I launched proc mon and did find that it randomly was denying that account access to a few spots under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates in the registry, so I added those permissions - but it didn't resolve the issue. No other 'access is denied' events occur in a proc mon when starting the service; the service 'starts' and doesn't end/stop/fail, it just doesn't open the port / the site is unavailable locally and via the network.

 

I can't find any log files to help troubleshoot, and would rather not use a service account as - i believe - updates will re-set the service to run on Network Service

0 Replies