When attempting to restart the ConnectALL services after updating, the ConnectALL Broker Service fails to start when configured to run under a specific service account. The service starts successfully when running under the Local System account.

A similar issue may occur with any of the ConnectALL services, however this has been specifically observed with the Broker service.

Product: ConnectALL On-Prem

Product Release: 3.0+

Services Affected: ConnectALL Broker Service

Operating System: Windows

The service account used to run the ConnectALL Broker Service does not have the necessary file permissions (specifically Modify permissions) to write to the ConnectALL Broker's log directory, causing a failure when the service attempts to rotate a log file upon startup.

The log file rotation attempt failed with a System.UnauthorizedAccessException: Attempted to perform an unauthorized operation in the event viewer.

The recommended long-term solution is to ensure the service account has the proper permissions on the ConnectALL Broker's log directory. The out-of-the-box setting for the Broker service uses the Local System account.

1. Grant Modify Permissions to the Service Account (Preferred Solution):

   • Locate the log folder for the ConnectALL Broker: CONNECTALL_HOME\Broker\connectall-broker\log.

   • Check the permissions for the service account (e.g., ######@<your email address>.com) that is running the service.

   • Add the service account and grant it Modify permissions on this directory. This allows the service to write and rotate log files.

   • Restart the ConnectALL Broker Service.

2. Use the Local System Account (Workaround/Default):

   • Change the service account for the ConnectALL Broker Service back to the default Local System account.

   • Restart the service.

 

Note: Although adding the service account to the local administrator group was a workaround that enabled the service to start, this is generally considered a security risk and is not recommended. If the service account is already in the administrator group, ensure it has the necessary file permissions if you encounter this issue.

The System.UnauthorizedAccessException error in the event log when the service starts under a standard user account indicates a file permission issue.

Service cannot be started.
System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
at winsw.Util.FileHelper.MoveOrReplaceFile(String sourceFileName, String destFileName)
at winsw.LogHandler.MoveFile(String sourceFileName, String destFileName)
...
at winsw.RollingLogAppender.log(StreamReader outputReader, StreamReader errorReader)

The error stack trace shows the service failing during an attempt to move or replace a file (MoveOrReplaceFile), which is typically part of the log rotation process, confirming the lack of write/modify permission in the log directory is the root cause.

The user had resolved the issue in their environment by adding the service account to the admin group or by switching back to the Local System account.