On 06.07.2017 18:17, Fau Buitron wrote:

-----Original Message-----
From: André Warnier (tomcat) [mailto:a...@ice-sa.com]
Sent: Thursday, July 06, 2017 12:04 PM
To: users@tomcat.apache.org
Subject: Re: TOMCAT 8.5.15 - on windows 7 server - Password for Service 
Username disappears

Hi.
On this list, it is preferred/recommended/strongly recommended to respond *below* the 
original message, and not to "top post".
It just makes it easier to follow the normal flow of a conversation.
See the rules : http://tomcat.apache.org/lists.html#tomcat-users  #6
-----Original Message-----
From: André Warnier (tomcat) [mailto:a...@ice-sa.com]
Sent: Thursday, July 06, 2017 11:35 AM
To: users@tomcat.apache.org
Subject: Re: TOMCAT 8.5.15 - on windows 7 server - Password for
Service Username disappears

On 06.07.2017 17:13, Fau Buitron wrote:
Hi All,

       I am running TOMCAT 8.5.15 on a Windows 7 server with SP1. Although it 
is not consistent, the password value for the specific username used to run the 
TOMCAT service disappears when the service is stopped and started again. The 
starting of the service fails because the value of the password disappears.

       Once the password value is re-entered with the password value, the 
TOMCAT service starts without any issues. Has anyone encountered this issue?

        I look forward to your response.



Hi.
I have never seen the behaviour which you describe above, although I regularly 
run Tomcat as a Service on Windows systems, in multiple customer networks.
First, maybe something which you should read :
https://wiki.apache.org/tomcat/FAQ/Windows#Q11

In a way, this explains why the Tomcat code itself is very unlikely to contain anything 
which would modify this Windows user's password. (If anything, it would be the 
"wrapper" program described in that article.)

My guess would be at this point : if the user-id in question is a Windows 
Domain user-id, then maybe some Windows network policy is the cause of this 
password reset.
Ask your Windows network sysadmins.

Hope this helps.

On 06.07.2017 17:48, Fau Buitron wrote:
Hi Andre,

   Thank you for your response and feedback. I had reached out to our windows 
support group only to be told that it must be caused by the third party product.
What's worse is that all installations of TOMCAT (Stage and Production) 
encounter the same behavior when the service itself is stopped.

   I was reaching out to the TOMCAT user community in the event that
there might be a permission that needs to be granted to a file in which the 
service account Username and password might need to be entered.

   So I am once again at square one, however, I will follow your suggestion and 
reach out to the networking group to see if they can shed light on this 
situation.

Thank you.

Fau


Another suggestion : if you have read the article to which I pointed you, you will see 
that the "wrapper" program which actually runs the JVM which runs Tomcat, 
actually stores its parameters in the Windows Registry.
It is the same for the userid/password which you enter in the service 
description.
So maybe it is not an issue linked to Tomcat per se, but instead due to the 
fact that by entering this password, you are modifying the Registry.
And perhaps there is some network script which regularly removes such changes, 
when made by a user who does not have the correct permissions to do so ?
It may thus be that it is not the Tomcat start/stop per se which resets this 
password, but that this happens asynchronously, and that you just notice it 
when you are trying to restart Tomcat.

You could try the following experiment :
- set the password for that user, start Tomcat as usual, and leave it running
- then, after a suitable pause, try to login to that same workstation, as this 
Tomcat user, using the same password which you set.
If it does not work, then you know that it has nothing to do with stopping 
Tomcat.

Hi Andre,

    The experiment that you described is exactly what is occurring, except it 
is not a TOMCAT user, as it is the actual username and password which is used 
to run the TOMCAT service itself.

Yes, that is what I meant. I meant "use the user-id/password that you have configured for the Tomcat Service, to actually try to login (interactively) to Windows on that machine."

The TOMCAT service runs, but if the TOMCAT service is stopped (does not occur 
at all instances), the password field for the user is no longer present 
and needs to be re-entered. I could do a search within the registry, however 
the value for the password will more likely be encrypted, as it appears within 
the password field of the service logon tab, so is the value of the password 
really present?

Indeed it may not be, if this is a domain user, as you seem to indicate below.
Which triggers another question : can you not define a local user on this machine, and use that one to run Tomcat ? Or, can you not use the default Services user, which is normally "LocalSystem" or similar ? (The only reason why you may be forced to use an AD domain user, would be if some application running within Tomcat, needs access to some non-local Windows domain resource).

The point of all this is to try to narrow down as much as possible the circumstances under which this happens (vs does not happen), since the code of Tomcat itself is certainly not resetting the password of the user-id under which that service is running.

I am reaching out to the security group to determine if the AD username has 
similar properties as other service account username/passwords.
Thank you for your assistance and response.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
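
A way to time-line the failures discussed in this thread, as an added example that is not part of the original messages: it reads the service's logon account, then lists Service Control Manager logon failures next to password change/reset events for that account. The service name `Tomcat8` and the 14-day window are assumptions; run it in an elevated PowerShell on the Tomcat host.

```powershell
# Added diagnostic example, not from the thread.
# Assumption: the service is registered as 'Tomcat8'; use the name shown in services.msc.
$serviceName = 'Tomcat8'
$since       = (Get-Date).AddDays(-14)   # look-back window (assumption), adjust as needed

# Which account is the service configured to log on as?
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$serviceName'"
if (-not $svc) { throw "Service '$serviceName' not found" }
'{0} ({1}) logs on as {2}, state {3}' -f $svc.Name, $svc.DisplayName, $svc.StartName, $svc.State

# Strip a 'DOMAIN\' or '.\' prefix, or an '@domain' suffix, to get the bare account name.
$account = ($svc.StartName -split '\\')[-1] -replace '@.*$', ''

# System log, provider 'Service Control Manager':
#   7038 = service could not log on with the currently configured password
#   7000 = service failed to start
$scm = Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Service Control Manager'
        Id = 7000, 7038; StartTime = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$($svc.DisplayName)*" -or $_.Message -like "*$serviceName*" }

# Security log: 4723 = password change attempt, 4724 = password reset attempt.
# For a domain account these are recorded on the domain controllers, not on this
# host, so an empty result here does not rule out a reset made in AD.
$pwEvents = Get-WinEvent -FilterHashtable @{
        LogName = 'Security'; Id = 4723, 4724; StartTime = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$account*" }

# One time-ordered view: do the logon failures follow a password event,
# or do they appear with no password event at all?
(@($scm) + @($pwEvents)) |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap
```

If 7038 entries appear without any stop/start of the service in between, the credential problem is independent of restarting Tomcat, which is what the experiment above is meant to establish.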
