I'm currently trying to troubleshoot an issue with a Java web application that is stumping me along with the vendor of the software. We're running on Windows Server 2012 with Tomcat 8. In my scenario, the application uses an installer to set up the files and environment. As part of the setup process, the service account that Tomcat will run under is supplied. For this example, I'll call the service account srvTomcat
.
FAIL
Context: Tomcat running as Windows Service
User: srvTomcat
With Tomcat running in this context, we can log in and interact with the UI. However, the application fails when it attempts to create a new directory on disk. (E:\xxx\xxx) During troubleshooting, we've given the service account full control over the directory and a file share and the problem remains. The logs only tell us that a directory cannot be created.
SUCCESS
Context: Tomcat running from Administrator Command Prompt
User: srvTomcat
When Tomcat is launched in an administrator command prompt running under the same account as the the failure above, everything works. The application can create directories on disk.
There is no difference that I know of between the configuration options used when running as a Windows Service (failing) to running from a administrator command prompt (working). Are there any new security options with Windows Server 2012 that may be causing this issue?
Best Answer
A coworker of mine actually found the solution to the issue we were running into. In a nutshell, it boils down to running Windows Server 2012 on top of vSphere 5. In our case, the drive that the application was attempting to write to (D:) was seen as a hot pluggable device, which appears to be the default when running Windows Server 2012 on vSphere 5.0 and something our build process doesn't account for. When run via the console, Tomcat/Java security settings allow for writing to this type of drive. However, when running as a service, access was denied and writes failed.
The fix this issue, we had to make sure that Windows didn't see the drive as hot pluggable, which was done using the following steps:
The steps above were found at http://www.jonathanmedd.net/2013/06/windows-server-2012-on-vsphere-5-0-the-case-of-the-missing-d-drive.html.