This is regarding an issue where the hosts file is being ignored when running a service as local system. Skip to the bottom for the solution, or read on if you care what led to the need for this in the first place.

The Problem

Recently I had an issue with my machine and the hosts file being ignored. I was using a Windows Server 2008 R2 machine, in a large network environment. I was hosting a site in IIS, using a domain that wasn’t an existing publicly registered domain (to my DNS it didn’t exist), and had an entry in my hosts file along the lines of:

127.0.0.1 fakemadeupdomain.co.nz

and had a Windows Service running, talking to that endpoint. I noticed that for some strange reason, when I ran the service as my logged-in user, it worked fine, but when I ran it as the local system user, it would fail to hit the endpoint. Strange. In production this would have to be running as local system, though. I had a workaround, so I was fine, but every time I reinstalled I had to manually put the credentials back. In production, this will point to a real external endpoint, which will not require a hosts entry, so I was not worried at this point about using the workaround. It’s just a development environment issue, I figured. So then SSL was required. A domain was registered, a deployment of the site was pushed for testing, and in development we started using the same cert and the same domain.

127.0.0.1 realuatdomain.co.nz

Now we are in a situation where the real DNS entry points to a (slightly out of date) version of the current site, but in my development environment I have IIS and a hosts entry pointing to it as above. But my service, running as local system, is ignoring my hosts file and starts talking to the test server instead. This is frustrating for the main reason that before, it would fail if it pointed to the wrong place, and I would add the Run As my user stuff to the service. Now, it points to another server and ‘seems’ to work. Until I realise my local changes are not showing up. Oh right, I’m pointing at testing, not local development. Grrrr. After a lot of searching the web, I found that the issue was proxy related: local system was using the proxy for DNS lookups and ignoring hosts. Turns out that changing the proxy for local system is not simple, and a real pain to figure out.

Solution

After figuring out the cause, which had nothing to do with services, IIS, TMG or other parts of my infrastructure and was purely a proxy settings issue, I found a related article online. So now all I had to do was make some changes to the registry.

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings

This is where Windows stores the proxy setting for local system, and where a tool we were using had made some changes for a deprecated proxying solution we had. So all I had to do was turn off all proxy settings for my currently logged-in user and, once these were saved, copy the equivalent DefaultConnectionSettings value for my current user into the DefaultConnectionSettings entry at the local system path specified above. That solved my problem, and I now have a Windows service, running as local system, using my hosts entry and talking to a local IIS. Problem solved. For your own reference, HKEY_USERS\S-1-5-18 means the user with the security identifier S-1-5-18, which happens to be Local System (more info here at this wiki page).
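
The copy step described above, scripted in PowerShell as an added example (not part of the original post). It assumes an elevated prompt running as the user whose proxy settings were just turned off; the backup file name and location are arbitrary choices.

```powershell
# Added example: copy the current user's DefaultConnectionSettings to Local System
# (S-1-5-18), keeping a backup of the Local System key first.
$sub  = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections'
$name = 'DefaultConnectionSettings'
$src  = "Registry::HKEY_CURRENT_USER\$sub"
$dst  = "Registry::HKEY_USERS\S-1-5-18\$sub"

# Read a REG_BINARY value as a byte array, or $null if it is absent.
function Get-ConnectionBlob([string]$Path) {
    $item = Get-ItemProperty -Path $Path -Name $name -ErrorAction SilentlyContinue
    if ($item) { return ,([byte[]]$item.$name) }
    return $null
}

$userBytes = Get-ConnectionBlob $src
if ($null -eq $userBytes) { throw "No $name value found for the current user." }
$sysBytes = Get-ConnectionBlob $dst

# Compare as hex strings so the check is positional and easy to log.
$userHex = [BitConverter]::ToString($userBytes)
$sysHex  = if ($sysBytes) { [BitConverter]::ToString($sysBytes) } else { '<missing>' }
Write-Host "Current user : $userHex"
Write-Host "Local System : $sysHex"

if ($userHex -eq $sysHex) {
    Write-Host 'Values already match; nothing to change.'
    return
}

# Export the Local System key so the previous proxy settings can be restored
# with "reg import" if the change has to be reverted.
$backup = Join-Path $env:TEMP ("localsystem-connections-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
& reg.exe export "HKU\S-1-5-18\$sub" $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Backup of the Local System key failed; nothing was changed.' }
Write-Host "Backup written to $backup"

# Write the current user's bytes into the Local System value.
Set-ItemProperty -Path $dst -Name $name -Value $userBytes -Type Binary

# Read the value back and confirm the two hives now agree.
$check = [BitConverter]::ToString((Get-ConnectionBlob $dst))
if ($check -ne $userHex) { throw 'Verification failed: Local System value differs after write.' }
Write-Host 'Local System now uses the same connection settings as the current user.'
```

Printing both values before writing also shows whether Local System had drifted from the interactive user's settings at all, which is the condition the post traced the ignored hosts file to.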