Net.TCP Port Sharing Service (SMSvcHost)

Windows Communication Foundation (WCF) uses a Windows service called the Net.TCP Port Sharing Service to facilitate the sharing of TCP ports across multiple processes. This service is installed as part of WCF, but the service is not enabled by default as a security precaution and so must be manually enabled prior to first use. 

To enable the service, open the Services console and enable the “Net.Tcp Port Sharing Service”. Microsoft's article on enabling the service on a machine has more information if needed.

Enable Non-Administrator Group Account

By default, permission to use the port sharing service is granted to system accounts (LocalService, LocalSystem, and NetworkService) as well as members of the Administrators group. Applications that allow a process running as another identity (for example, a user identity) to connect to the port sharing service must explicitly add the appropriate SID to the SMSvcHost.exe.config file (these changes are not applied until the SMSvcHost.exe process is restarted).

Configuring the Net.TCP Port Sharing Service – WCF | Microsoft Learn

In the case of enabling the service for a non-administrative domain account, I had to determine my SID and then add it to the correct SMSvcHost.exe.config file.

Once I had the SID for my domain account, I opened my local Services console (enter services.msc on a command line), selected the “Net.Tcp Port Sharing Service” and opened its properties.

Next, get the path to the executable from the service properties and open the SMSvcHost.exe.config file in the same directory. You need to add a system.serviceModel.activation section with your SID (element names are case-sensitive). After the edits, the file should look similar to this (I have obscured the actual SID).

<?xml version="1.0" encoding="utf-8"?>
<!-- The configuration file for SMSvcHost.exe -->
<configuration>
    <runtime>
        <gcConcurrent enabled="false" />
    </runtime>
    <system.serviceModel>
        <diagnostics performanceCounters="Off" etwProviderId="{f18839f5-27ff-4e66-bd2d-639b768cf18b}"/>
    </system.serviceModel>
    <system.serviceModel.activation>
        <net.tcp listenBacklog="10" maxPendingConnections="100" maxPendingAccepts="2" receiveTimeout="00:00:10" teredoEnabled="false">
            <allowAccounts>
                <add securityIdentifier="S-1-5-21-REQUIRED-ACCOUNT-SID-000000"/>
            </allowAccounts>
        </net.tcp>
    </system.serviceModel.activation>
</configuration>

Lastly, restart the “Net.Tcp Port Sharing Service” in the Services console.
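
The same procedure as a script, added here as an example and not part of the original post: it resolves an account to its SID, finds SMSvcHost.exe.config beside the service executable, adds the SID only if it is missing, keeps a backup, and restarts the service. The account name `CONTOSO\svc-wcfapp` is a placeholder; the script assumes the service is registered as `NetTcpPortSharing` and that it runs from an elevated prompt.

```powershell
# Added example: grant one account access to the Net.TCP Port Sharing Service.
param(
    [string]$Account = 'CONTOSO\svc-wcfapp'   # placeholder account name (assumption)
)
$ErrorActionPreference = 'Stop'

# 1. Resolve the account name to its SID.
$nt  = New-Object System.Security.Principal.NTAccount($Account)
$sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value

# 2. Locate SMSvcHost.exe.config next to the service executable.
$svc = Get-CimInstance Win32_Service -Filter "Name='NetTcpPortSharing'"
$exe = ($svc.PathName -replace '^"([^"]+)".*$', '$1').Trim()   # strip quotes if present
$configPath = "$exe.config"
if (-not (Test-Path -LiteralPath $configPath)) {
    throw "Config file not found: $configPath"
}

# 3. Load the XML and walk down to <allowAccounts>, creating missing elements.
$xml = New-Object System.Xml.XmlDocument
$xml.Load($configPath)
$node = $xml.SelectSingleNode('/configuration')
foreach ($name in 'system.serviceModel.activation', 'net.tcp', 'allowAccounts') {
    $child = $node.SelectSingleNode($name)
    if ($null -eq $child) {
        $child = $node.AppendChild($xml.CreateElement($name))
    }
    $node = $child
}

# 4. Add the SID only if it is not already listed (keeps the script idempotent).
$existing = $node.SelectSingleNode("add[@securityIdentifier='$sid']")
if ($null -ne $existing) {
    Write-Output "SID $sid is already present in $configPath"
    return
}
$add = $xml.CreateElement('add')
$add.SetAttribute('securityIdentifier', $sid)
[void]$node.AppendChild($add)

# 5. Keep a backup of the original file, then write the change.
Copy-Item -LiteralPath $configPath -Destination "$configPath.bak" -Force
$xml.Save($configPath)

# 6. The change only takes effect after the service restarts.
Restart-Service -Name NetTcpPortSharing -Force
Write-Output "Added $sid ($Account) to $configPath"
```

Granting a dedicated service account's SID rather than a broad group SID keeps the set of identities that can register on shared ports as small as possible.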