Configuring the Net.TCP Port Sharing Service
Self-hosted services that use the Net.TCP transport can control several advanced settings, such as ListenBacklog and MaxPendingAccepts, which govern the behavior of the underlying TCP socket used for network communication. However, these settings for each socket only apply at the binding level if the transport binding has disabled port sharing, which is enabled by default.
When a net.tcp binding enables port sharing (by setting portSharingEnabled =true on the transport binding element), it implicitly allows an external process (namely the SMSvcHost.exe, which hosts the Net.TCP Port Sharing Service) to manage the TCP socket on its behalf. For example, when using TCP, specify:
<tcpTransport portSharingEnabled="true" />
When configured in this way, any socket settings specified on the service's transport binding element are ignored in favor of the socket settings specified by SMSvcHost.exe.
To configure the SMSvcHost.exe, create an XML configuration file named SmSvcHost.exe.config and place it in the same physical directory as the SMSvcHost.exe executable (for example, C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation).
The following example illustrates a sample SMSvcHost.exe.config, with the default settings for all configurable values stated explicitly.
<configuration> <system.serviceModel.activation> <net.tcp listenBacklog="10" maxPendingAccepts="2" maxPendingConnections="10" receiveTimeout="00:00:10" teredoEnabled="false"> <allowAccounts> <!-- LocalSystem account --> <add securityIdentifier="S-1-5-18"/> <!-- LocalService account --> <add securityIdentifier="S-1-5-19"/> <!-- Administrators account --> <add securityIdentifier="S-1-5-20"/> <!-- Network Service account --> <add securityIdentifier="S-1-5-32-544" /> <!-- IIS_IUSRS account (Vista only) --> <add securityIdentifier="S-1-5-32-568"/> </allowAccounts> </net.tcp> </configuration>
When to Modify SMSvcHost.exe.config
In general, care should be taken when modifying the contents of the SMSvcHost.exe.config file, because any configuration settings specified in this file affect all of the services on a computer that uses the Net.TCP Port Sharing Service. This includes applications on Windows Vista that use the TCP Activation features of the Windows Process Activation Service (WAS).
However, sometimes you may need to change the default configuration for the Net.TCP Port Sharing Service. For example, the default value for maxPendingAccepts is 2, which is a conservative value. Computers that host a large number of services that use port sharing should increase this value to achieve maximum throughput.
SMSvcHost.exe.config also contains information about the process identities that may make use of the port sharing service. When a process connects to the port sharing service to make use of a shared TCP port, the process identity of the connecting process is checked against a list of identities that are permitted to make use of the port sharing service. These identities are specified as security identifiers (SIDs) in the <allowAccounts> section of the SMSvcHost.exe.config file. By default, permission to use the port sharing service is granted to system accounts (LocalService, LocalSystem, and NetworkService) as well as members of the Administrators group. Applications that allow a process running as another identity (for example, a user identity) to connect to the port sharing service must explicitly add the appropriate SID to the SMSvcHost.exe.config (these changes are not applied until the SMSvc.exe process is restarted).
|On Windows Vista systems with User Account Control (UAC) enabled, local users require elevated permissions even if their account is a member of the Administrators group. To allow these users to make use of the port sharing service without elevation, the user's SID (or the SID of a group in which the user is a member) must be explicitly added to the <allowAccounts> section of SMSvcHost.exe.config.|