[英]Tomcat Windows Service (Apache Commons procsrv) "The user name or password is incorrect"
I've spent 2+ days trying to get this to work and hope somebody might be able to point me in the right direction...我已经花了 2 天多的时间试图让它发挥作用,希望有人能指出我正确的方向......
I am trying to run Tomcat 8 on Windows Server 2012 R2 as a service as a specific username.我正在尝试在 Windows Server 2012 R2 上运行 Tomcat 8 作为特定用户名的服务。 Due to the complexity of my application I am directly running tomcat8.exe //IS/... instead of using the service.bat script.
由于我的应用程序的复杂性,我直接运行 tomcat8.exe //IS/... 而不是使用 service.bat 脚本。
When the service runs I get these errors in the commons log:当服务运行时,我在公共日志中收到这些错误:
[2016-05-31 18:00:14] [debug] ( prunsrv.c:1679) [ 3280] Commons Daemon procrun log initialized
[2016-05-31 18:00:14] [info] ( prunsrv.c:1683) [ 3280] Commons Daemon procrun (1.0.15.0 64-bit) started
[2016-05-31 18:00:14] [info] ( prunsrv.c:1580) [ 3280] Debugging 'CertAccordServer' service...
[2016-05-31 18:00:14] [debug] ( prunsrv.c:1374) [ 3280] Inside ServiceMain...
[2016-05-31 18:00:14] [debug] ( prunsrv.c:844 ) [ 3280] reportServiceStatusE: 2, 0, 3000, 0
[2016-05-31 18:00:14] [info] ( prunsrv.c:1127) [ 3280] Starting service...
[2016-05-31 18:00:14] [error] (rprocess.c:497 ) [ 3280] The user name or password is incorrect.
[2016-05-31 18:00:14] [error] ( prunsrv.c:1210) [ 3280] Failed to create process
[2016-05-31 18:00:14] [error] ( prunsrv.c:1210) [ 3280] The user name or password is incorrect.
[2016-05-31 18:00:14] [error] ( prunsrv.c:1536) [ 3280] ServiceStart returned 1
[2016-05-31 18:00:14] [error] ( prunsrv.c:1536) [ 3280] The user name or password is incorrect.
[2016-05-31 18:00:14] [debug] ( prunsrv.c:844 ) [ 3280] reportServiceStatusE: 1, 1066, 0, 1
[2016-05-31 18:00:14] [info] ( prunsrv.c:1582) [ 3280] Debug service finished with exit code 1
[2016-05-31 18:00:14] [error] ( prunsrv.c:1755) [ 3280] Commons Daemon procrun failed with exit value: 3 (Failed to run service as console application)
[2016-05-31 18:00:14] [error] ( prunsrv.c:1755) [ 3280] The user name or password is incorrect.
Here is the full command I use to add the service:这是我用来添加服务的完整命令:
./tomcat8.exe \
//IS//MyServer \
--LogLevel Debug \
--Description "My service info" \
--DisplayName "My Server" \
--Install 'C:\Program Files\MyServer\tomcat\bin\tomcat8.exe' \
--LogPath 'C:\ProgramData\MyServer\tomcat\logs' \
--ServiceUser 'myuser@contoso.com' \
--ServicePassword test123 \
--StdOutput auto \
--StdError auto \
--StartImage "C:\Program Files\MyServer\java\bin\java.exe" \
--Startup auto \
--StartMode exe \
--StopMode exe \
--StartParams start \
--StopParams stop \
--StartClass org.apache.catalina.startup.Bootstrap \
--StopClass org.apache.catalina.startup.Bootstrap \
--JvmOptions "-Dcmb.productdir=C:\Program Files\MyServer;-Dcmb.datadir=C:\ProgramData\MyServer;-Dcatalina.home=C:\Program Files\MyServer\tomcat;-Dcatalina.base=C:\ProgramData\MyServer\tomcat;-Djava.endorsed.dirs=C:\Program Files\MyServer\tomcat\endorsed;-Djava.io.tmpdir=C:\ProgramData\MyServer\tomcat\temp;-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager;-Djava.util.logging.config.file=C:\ProgramData\MyServer\tomcat\conf\logging.properties" \
--JvmMs 256m \
--JvmMx 1024m \
--Classpath "C:\Program Files\MyServer\tomcat\bin\bootstrap.jar;C:\Program Files\MyServer\tomcat\bin\tomcat-juli.jar;C:\ProgramData\MyServer\resource;C:\Program Files\MyServer\resource"
In place of --ServiceUser and --ServicePassword I've also tried --User and --Password.代替--ServiceUser 和--ServicePassword 我也试过--User 和--Password。 The failure is the same.
失败是一样的。
When I use --ServiceUser and go into Windows Services, find MyServer -> Properties -> LogOn -> This Account shows myuser@contoso.com.当我使用 --ServiceUser 并进入 Windows 服务时,找到 MyServer -> 属性 -> 登录 -> 此帐户显示 myuser@contoso.com。 When I use --User the properties panel has This Account as blank and Local System selected.
当我使用 --User 时,属性面板将此帐户设置为空白并选择了本地系统。
The myuser@contoso.com is an AD account. myuser@contoso.com 是一个 AD 帐户。 On the local system where tomcat8 service is being added it has a group policy which gives it "Log On as a service".
在添加 tomcat8 服务的本地系统上,它有一个组策略,使其“作为服务登录”。
I also verified that myuser@contoso.com is a valid account and the password matches by running this from a cmd prompt:我还通过从 cmd 提示符运行它来验证 myuser@contoso.com 是一个有效帐户并且密码匹配:
runas /noprofile /user:myuser@contoso.com notepad
Enter the password for myuser@contoso.com: test123
When I look at the Apache Commons procsrv C code I found this section which appears to be where the "Failed to create process" and then "The user name or password is incorrect" errors are triggered:当我查看 Apache Commons procsrv C 代码时,我发现这部分似乎是“无法创建进程”然后“用户名或密码不正确”错误被触发的地方:
if (!LogonUserW(szUsername,
NULL,
szPassword,
bLogonAsService ? LOGON32_LOGON_SERVICE : LOGON32_LOGON_NETWORK,
LOGON32_PROVIDER_DEFAULT,
&hUser)) {
/* Logon Failed */
apxLogWrite(APXLOG_MARK_SYSERR);
return NULL;
}
I wrote a simple C program with the above code and verified that if szPassword is NULL or not a match for the AD password for myuser@contoso.com I get "The user name or password is incorrect".我用上面的代码编写了一个简单的 C 程序,并验证了如果 szPassword 为 NULL 或与 myuser@contoso.com 的 AD 密码不匹配,我得到“用户名或密码不正确”。
I can't think of anything else to try.我想不出还有什么可以尝试的。 I'm stuck.
我被困住了。 :(
:(
Looking at the Apache Commons Daemon code , I see that the only time that Tomcat actually needs the user details is when it's starting as a separate executable - ie when you have installed it as -StartMode exe
.查看Apache Commons Daemon 代码,我看到 Tomcat 真正需要用户详细信息的唯一时间是当它作为单独的可执行文件启动时 - 即当您将它安装为
-StartMode exe
。
Looking at the way that tomcat is normally installed in service.bat , I see that this uses the JNI form of invocation - ie -StartMode jvm
.查看 tomcat 通常安装在service.bat 中的方式,我看到它使用了 JNI 形式的调用 - 即
-StartMode jvm
。 This will not go through the problematic path and so should avoid your user/password problem.这不会通过有问题的路径,因此应该避免您的用户/密码问题。
Alternatively, if you actually need Tomcat to run as a separate executable... You can see in the same Apache Commons code linked above that it gets all its data from a combination of the command-line and the Windows Registry.或者,如果您确实需要 Tomcat 作为单独的可执行文件运行......您可以在上面链接的相同 Apache Commons 代码中看到它从命令行和 Windows 注册表的组合中获取所有数据。 Since you have installed your service with no command-line parameters, it will try to find the user and password in the registry.
由于您安装了没有命令行参数的服务,它会尝试在注册表中查找用户和密码。 In addition, since you have not specified the
User
or Password
on installation, it won't have saved them off to the registry either.此外,由于您没有在安装时指定
User
或Password
,它也不会将它们保存到注册表中。 It is therefore pulling in empty values.因此,它正在拉入空值。
So, you have two possible ways that you can resolve this problem:因此,您有两种可能的方法可以解决此问题:
-StartMode jvm
when you install the service.-StartMode jvm
。User
and Password
when installing your service.User
和Password
两种形式。 This should put the extra data into the Registry and so make it available when the service tries to start.When entering commands, you should do so as Administrator.输入命令时,您应该以管理员身份进行。 Eg from Windows start menu, type in
cmd
, right click on the cmd.exe
or Command Prompt it gives you, and select Run as administrator
.例如,从 Windows 开始菜单中,输入
cmd
,右键单击它给您的cmd.exe
或命令提示符,然后select Run as administrator
。
Just run tomcat's c:\\path\\to\\TomcatN\\bin\\service.bat
and give it a service name to use, ie Tomcat8
.只需运行 tomcat 的
c:\\path\\to\\TomcatN\\bin\\service.bat
并给它一个要使用的服务名称,即Tomcat8
。 Or,或者,
sc Create TomcatN binPath= "c:\path\to\TomcatN\bin\tomcatN.exe" displayName= "Apache Tomcat N"
Most of the time you don't need this.大多数时候你不需要这个。 But sometimes you need to access the Windows network as a registered user.
但有时您需要以注册用户身份访问 Windows 网络。 For example, if you are taking advantage of some Active Directory functionality.
例如,如果您正在利用某些 Active Directory 功能。 It might work to use the following:
使用以下方法可能有效:
C:\path\to\tomcatN\bin\service.bat install TomcatN --user=George --password=abc123
But probably not.但可能不是。 You can configure the service manually instead.
您可以改为手动配置服务。
From the Windows command prompt, you can use the services configurator.在 Windows 命令提示符下,您可以使用服务配置器。 Some commands of interest:
一些感兴趣的命令:
sc
sc query TomcatN
sc qc TomcatN
sc config TomcatN obj= "MyHostName\George" password= "abc123"
Take care to note the space that comes after the equal signs in that last command.注意最后一个命令中等号后面的空格。
Enter the gpedit.msc
command.输入
gpedit.msc
命令。 In the GUI that appears, navigate to在出现的 GUI 中,导航到
Local Computer Policy | ...
- Computer Configuration | ...
- Windows Settings | []Log on as a service
- Security Settings | ...
User Rights Assignment | ...
Double-click on Log on as a service
and Add User or Group....
Type the shorthand for the username you want the service to use into the field, click Check Names
, and press OK
.双击
Log on as a service
并Add User or Group....
在字段中输入您希望该服务使用的用户名的简写,单击Check Names
,然后按OK
。
You can use the following commands to start, stop, and check the status of the service:您可以使用以下命令来启动、停止和检查服务的状态:
net start TomcatN
net stop TomcatN
sc query TomcatN
Make sure you've started the service running.确保您已启动服务运行。 Open Windows Task Manager and view the Processes tab.
打开 Windows 任务管理器并查看进程选项卡。 Click on
Show processes from all users
if necessary.如有必要,单击
Show processes from all users
。 TomcatN
should be listed, with the username you specified next to it. TomcatN
应列出,并在其旁边显示您指定的用户名。
Credit goes to @ andrewk归功于@ andrewk
You used an incorrect parameter name for your username and password.您为用户名和密码使用了错误的参数名称。
--ServiceUser 'myuser@contoso.com' --ServicePassword test123 --ServiceUser 'myuser@contoso.com' --ServicePassword test123
It should be:它应该是:
--User 'myuser@contoso.com' --Password test123 --用户'myuser@contoso.com'--密码test123
OR或者
Try this https://superuser.com/a/842867试试这个https://superuser.com/a/842867
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.