Solved

Running FME server under domain account - pitfalls?

lifalin2016
Rank
Userlevel 1
Badge +22

Hi list.

I'm attempting to run our FME server under a domain account, but can't seem to get it right.

I've read the admin guide and done the following

  • provided full file access to C:\\Program Files\\FMEServer and C:\\ProgramData\\Safe Software\\FME Server (using default folders in installation) to the domain account.
  • Stopped the three services (appserver, core, engines), but left database service running.
  • Changed logon on the three stopped services.
  • Deleted the log files from C:\\ProgramData\\Safe Software\\FME Server\\resources\\logs\\engine\\current
  • Restarted the three services.

But now the web interface fails, saying it cannot access Core services.

I'm sure that I need to do something more, but I'm at a loss about what it is. I've re-read the admin guide, but cannot find anything amiss.

Please help.

Cheers

icon

Best answer by steveatsafe 27 May 2021, 19:48

View original
-- Cheers, Lars I.

5 replies

steveatsafe
Rank
Badge +11

@Lars I Nielsen​ I hope you are well. Thanks for posting this question.

What version of FME Server are you working with?

What OS version are you working with

Can you confirm if the domain account is part of the local system's user group?

 

If this is a permissions issue (and I'm 101% sure it is), can you add the domain account to the local admin group and test again... at least then you'll know it is a permissions issue.

After this try removing the domain account from the admin group and add to the power users group...

Let me know if this works.

There's a good chance there are system dlls that are not being accessed properly due to permissions.

 

I'll be honest, most times the domain service account is added to the local admin group. This is something we know seems to be necessary when working with 3rd party software such as Esri. However, there is a discovery process here to overcome the need for the domain service account to be in the local admin group. I've tested using a domain service account with proper access to FME Server folders and added to the local Users Group and things have worked.... so I'm wondering if your OS or user account has been modified in some way, via local policies, or group policies?

 

I know others have had this problem as well, and more recently the customer decided to add the domain service account to the local admin group. I was not able to identify the cause on their system.

 

Please open a case with us if you continue to have issues and we can dive in to it further (and report back here).

SteveatSafe

SteveatSafe
lifalin2016
Rank
Userlevel 1
Badge +22

Hi Steve.

Windows Server 2019. FME 2020.2 (release). Upgrading to 2021.0 when this here issue is sorted out.

No, the domain account was not in the Administrators group, but I've just added it. Thanks.

I'll give it another try after this change, and post the result here.

Cheers.

-- Cheers, Lars I.
lifalin2016
Rank
Userlevel 1
Badge +22

It works! - after a failed attempt, where I forgot to delete the log files.

But adding the account to the local admins group automatically grants the account file access in the necessary places, so doesn't the preparation just boil down to doing this to take care of all permission issues?

-- Cheers, Lars I.
steveatsafe
Rank
Badge +11

Possibly, but if I understand, the user is still in the local admin group...

If you want to reduce the permission level of this user from local admin to local user does FME Server still function ok? Perhaps? But I've seen this not work also.

Can you confirm if your installation is now working with the domain account part of ONLY the local user group?

SteveatSafe
lifalin2016
Rank
Userlevel 1
Badge +22

Possibly, but if I understand, the user is still in the local admin group...

If you want to reduce the permission level of this user from local admin to local user does FME Server still function ok? Perhaps? But I've seen this not work also.

Can you confirm if your installation is now working with the domain account part of ONLY the local user group?

Hi Steve.

No, it didn't work, after I created all the file permissions mentioned in the docs, but as a local user. This was why I created this thread in the first place.

Only adding the user to the local admins got it to work.

So either the docs misses a few necessary permission settings to be made, or it should just ask for the account to be elevated to be a local admin.

I'm happy with it being a local admin account, so I'll close the thread.

Cheers.

-- Cheers, Lars I.

Reply


Community Stats

28,670
Posts
109,364
Replies
36,531
Members
Terms & ConditionsCookie settings
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.