UMS as a windows service

For help and support with Universal Media Server
Forum rules
Please make sure you follow the Problem Reporting Guidelines before posting if you want a reply
Post Reply
mark54676
Posts: 1
Joined: Fri May 12, 2017 10:29 pm

UMS as a windows service

Post by mark54676 »

After about 50 hours of attempting to get the universal media server to run as a Windows service I have simply given up . Many hours of googling have been wasted to find little to zero help in this regard . Many hours have been spent in the windows firewall adding rules then playing with the many switches and settings that just seem to be ignored in all the forum posts. yet it works perfectly with the firewall off or running without being a service.

the problem here is everytime your computer reboots itself or anything the UMS goes down until you get up and login to windows. And I guess that was fine the the first few hundred times but I'm sick to death of it. I just want it to work without having to go to the computer every other day because it stopped, yet again.

UMS is easier to set up headless on Ubuntu than to get it to run as a Windows service . Unfortunately though , the VMS just does not survive long enough with my many power outages. and reinstalling from scratch every couple of months is out of the question.

I would love nothing better to for someone to step up and write a clear and accurate post on exactly what firewall rules need to be in place for ums to actually work.

Not just the inbound rules. Not just wrapper.exe. but the whole firewall needs. Like I've never even seen a firewall rule in my entire freaking life.

Otherwise I'm about to say goodbye to this fine product in search of something that will actually fulfill my needs without being so aggravating.

commonly ignored in post about this issue follow.
1 should the service run as a user name or as local system account.
2 what start parameters should be in place?
3 should dependencies be listed, if so what are they.
4 inbound rules that say more that tcp, udp, or any. what about the many other settings
5 outbound rules so many post completely neglect to mention outbound rules at all. do we just not need any?

Honestly if the thing just loaded when the computer booted up it would be perfect in my opinion. I've never had a single problem with it other than the fact I have to get up every day or two to start it again.

I don't think anyone's ever going to answer how to get it done as I've completely lost faith . So I'd like to thank you guys for this product and I have had many hours of enjoyment from it but it's simply time to find something hassle free so I'm gonna wish you the best of luck.
Nadahar
Posts: 1990
Joined: Tue Jun 09, 2015 5:57 pm

Re: UMS as a windows service

Post by Nadahar »

Running UMS as a service hasn't gotten any attention for years, and has some problems.

I don't remember what .exe UMS as a service runs as, but that's easy enough to find out. Once UMS has been installed as a service, quit the application and open "services.msc". In there, find the UMS service, right click it and select properties. A new window will open, in which you can see "path the executable" about half way down. This is the executable you need to use in the firewall rule.

When it comes to what the service should run under, it doesn't really matter. The default, local system, is fine. What matters is that the user under which UMS is run has write privileges to the UMS profile folder (%ProgramData%\UMS by default) and read privileges to all folders (and files) shared by UMS. I'm pretty sure this is covered by default by using the local system account.

There's no need to add startup parameters or dependencies in the service manager, in fact there's no need to make any changes to the service in the service manager.

Regarding the firewall, it's quite simple if you can figure out what process/program to give the permissions to. Personally I don't run firewalls on stationary computers that's behind routers, it's simply a lot of trouble for no gain. If you think you need to protect the computer from attacks from your local network, you need to configure the proper firewall rules. I think the root of the problem is that most people don't have a clue of what a firewall is or does, and think it's something you just have to have. I agree that everyone should have a firewall between themselves and the internet. As good as all routers run firewalls, and those firewalls allow all outgoing traffic and denies all incoming traffic by default. This works for most "home" scenarios, but if you want something to be accessible from the internet, you need to open for some incoming traffic in your router. That's beside the scope of this, the point is that as long as you have a router with a firewall running, there's no need to also run firewalls on the local computers.

Because big companies can't be bothered to explain things like this to people, they do what is simplest for them instead. Microsoft used to get a lot of criticism for being "unsecure" by people that doesn't understand how things work. This started to become a "truth" among the stupid that threatened to hurt their sales, so the implemented a default firewall policy that block all incoming traffic to all Windows OS'es. All outgoing traffic is allowed by default. In addition, they made all kind of "warnings" that will keep nagging you if you don't run the firewall, which leads people to thing that this is very dangerous. The fact is that running a firewall on the local computer is only relevant if you don't trust the local network you're on. People with laptops connecting to open Wifi networks or using mobile internet should run local firewalls, as there is no router (with firewall) between them and the internet. Stationary computers behind a router on a secured (that is, not open to anyone) local network has no need to run a firewall.

Because of the above situation, there's no need for any outgoing rules, as all outgoing traffic is allowed by default. The problem is that since most people don't understand anything of firewalls, it has become common for applications to change the firewall rules during installation so that the application will work despite the user being clueless as to what a firewall does or how to configure it. This completes the circle of stupidity in my view, as people have no idea of what changes are made to their firewall rules by applications and if the changes are "safe" or not. It's like having a lock on your door but refusing to learn how to use a key, and instead getting strangers to handle locking and unlocking the door for you. You might as well just drop the lock in the first place.

In any case, because of this there is no "general" way to know exactly what changes are needed to the firewall configuration to make something work, because you as a developer don't know how the firewall is configured in the first place. The rules installed by most software is therefore assuming that the configuration is as it is by default on a fresh Windows installation, and rules are generally created very "liberal". The concern of the developer is first and foremost that the user shouldn't complain that their product doesn't work, not to maintain the security of the system. As a consequence, Java installs firewall rules that allow all incoming traffic to ANY Java application when Java is installed, effectively disabling Windows firewall completely for Java programs. All outgoing traffic is already allowed by default. This is why UMS works without doing anything to the firewall when run as an application - the firewall is effectively disabled.

Only "native" Windows applications can run as a Windows service. Since Java applications aren't native Windows applications, they can't run as a service. To get around this, somebody has created "wrapper.exe" which is used by UMS. It's simply a small Windows executable that launches the configured Java application. The problem is that it makes Windows think that "wrapper.exe" is the program running, not "java.exe" or "javaw.exe" as it is when run normally. Because of this, the default "allow all incoming traffic" firewall rule doesn't apply when UMS is running as a service.

Because of the nature of UPnP and HTTP (the protocols being used by DLNA and UMS), there's no way to tell in advance what addresses or ports that should be allowed access to UMS. As a consequence, the easy way to solve this without digging into a lot of details about the network and the services, is to allow all incoming traffic to the service executable. UMS use both TCP and HTTP, and source ports and addresses can be anything. Destination ports are known, but is depending on your UMS configuration + hard coding. In short, make a firewall rule that allows anything incoming to the service excecutable, and it should work the same as when run as an application.

The second problem when running UMS as a service, is that the service and the "application" will try to use the same configuration files and cache/database. This will create a lot of problems and errors, and must be avoided. As a consequence, you have to make sure to not start UMS as an application while the service is running. It you want to use the GUI to change settings for example, you can do so by:
  • Stop the UMS service from the service manager (services.msc)
  • Start UMS as an application
  • Make your configuration changes
  • Quit UMS as an application
  • Start the UMS service from the service manager
If you want to configure UMS by editing UMS.conf manually, you still need to stop the service first:
  • Stop the UMS service from the service manager (services.msc)
  • Make your configuration changes in %ProgramData%\UMS\UMS.conf or any other configuration file like a renderer configuration
  • Start the UMS service from the service manager
If you follow the above, I think UMS should be able to run as a service without too much trouble. That said, I think you'll find that you'll have to restart the service from time to time, maybe once a week, because UMS will slowly use more and more memory. It's not a traditional memory leak, we know why it happens but haven't found a realistic (that is, without it being a huge rewrite) way to solve it yet. In any case, the result is the same, UMS will have less and less "free" memory to work with and in the end it will become very slow and/or crash. How fast it degrades depends on how much it is used and the number of media files in the library.
Triplefun
Posts: 136
Joined: Sat Jun 02, 2012 2:29 pm

Re: UMS as a windows service

Post by Triplefun »

I run ums as a service on windows server 2012 using the 'load as a service' prompt in the config GUI. Need to make sure you have the correct firewall settings ...
viewtopic.php?f=4&t=8461&p=27600&hilit=firewall#p27600
Triplefun
Posts: 136
Joined: Sat Jun 02, 2012 2:29 pm

Re: UMS as a windows service

Post by Triplefun »

And if you are running java8 then you need to run the ums compatible. Note I couldn't find a java8 version for 6.7.1.
Nadahar
Posts: 1990
Joined: Tue Jun 09, 2015 5:57 pm

Re: UMS as a windows service

Post by Nadahar »

Triplefun: It doesn't matter, we've dropped the different versions as they really didn't serve any purpose anymore. It was different when we had a Java 6 versions, then it was a "real difference" between them. For 6.7.x there is one version for both Java 7 and Java 8.

Regarding the firewall setup I'm glad you got it working, but not all of that is needed. The outgoing rules isn't needed on a Windows Firewall with the default rules, and incoming port 5002 isn't needed for the default UMS configuration.
Triplefun
Posts: 136
Joined: Sat Jun 02, 2012 2:29 pm

Re: UMS as a windows service

Post by Triplefun »

On windows server 2012 the latest version cannot be installed as a service unless I back load java 7. The java 8 versions of 6.6.* installed as a service with no issues.
Nadahar
Posts: 1990
Joined: Tue Jun 09, 2015 5:57 pm

Re: UMS as a windows service

Post by Nadahar »

What exactly is the error/problem?
Post Reply