Explanation:
The Express Server installer uses the default NetworkService user in many places to run its services and processes. This works well for most organizations. However, the NetworkService user generally does not have access to network drives. Some network administrators also limit the NetworkService user's permission level, which can cause problems running the server. The solution is to change the app pool identity and the Tomcat service logon to a domain user that has been granted the permissions described below.
Solution:
You need to find or create a domain user to use for this task. Grant the domain user access to your network drives and to certain folders on the local computer running Express Server. You can do this using a few different methods, but here is one simple process:
Grant permission to the network drives:
- Use File Explorer to locate the network drive where your imagery is stored
- Right-click on the drive name and go to Properties
- Click the Security tab and add your domain user with read permissions
- Click OK on every dialogue box
Grant permission to the local folders:
- On the local computer running Express Server, use File Explorer to locate the drive where Express Server is installed
- Right-click on that drive and select Properties
- Click the Security tab and add your domain user with read permissions
- Click OK on the dialogue box
- Now browse to the ImageServer directory under the Express Server installation folder, which by default is C:\Program Files\LizardTech\Express Server\ImageServer
- Right-click on the etc folder and go to Properties
- Click on the Security tab and click Edit
- Select your domain user and select the Full Control checkbox under Allow
- Click OK on each dialogue box
- Repeat this process for the var folder within the same directory
Ultimately you want this domain user to have read permission on the C: drive and full permission on the etc and var folders.
The Tomcat service login, the app pool identity, and the website's anonymous user must all be changed:
Tomcat Service:
- Open the Services panel
- Scroll down to the LizardTech Express Server Tomcat Service
- Right-click on this service and select Properties
- Click the Log On tab of the window that appears
- Use the Browse picker to find your domain user account
- Enter the password for the domain user and click OK on the window
- Stop and restart the LizardTech Express Server Tomcat Service
App pool identity:
- Open IIS
- Browse to Application Pools and find the LTESAppPool option
- Right-click on the LTESAppPool option and select Advanced Settings...
- Scroll down to Process Model and select Identity. Click the three small dots on the right side to open it.
- Select Custom Account and enter the username and password for your domain user
- Click OK on every dialogue box
Website anonymous user:
- Browse to the website where Express Server is running (usually, but not always, Default Web Site)
- Drill down into Lizardtech and select iserv
- Double-click on the Authentication icon
- Find the Anonymous Authentication entry and select Edit...
- Select the radio button for "Application pool identity"
- Click OK on the dialogue box
- Reset IIS
Now you can add and use network catalogs within Express Server. To verify that these changes were successful, show the running processes from all users in Task Manager. If the user name associated with w3wp.exe (the app pool) and tomcat8.exe is your domain user, then everything is set up correctly.
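
The same verification can be scripted. The following PowerShell script is an added example, not part of the original article and not LizardTech code; it checks the service logon, the app pool identity, the process owners, and the permissions on the etc and var folders. The account name EXAMPLE\svc-express is a placeholder, the helper Add-Check is hypothetical, and the Tomcat service is matched by the display name given above.

```powershell
# Added audit example (not LizardTech code). Run it in an elevated PowerShell session.
# Assumption: $Account is a placeholder in DOMAIN\user form; replace it with your domain user.
param(
    [string]$Account   = 'EXAMPLE\svc-express',
    [string]$ImageRoot = 'C:\Program Files\LizardTech\Express Server\ImageServer'
)
$full   = [System.Security.AccessControl.FileSystemRights]::FullControl
$report = New-Object 'System.Collections.Generic.List[object]'
function Add-Check([string]$Check, [string]$Actual, [bool]$Ok) {
    $report.Add([pscustomobject]@{ Check = $Check; Actual = $Actual; Ok = $Ok })
}

# 1. Log-on account of the Tomcat service, matched by the display name used on this page.
Get-CimInstance Win32_Service -Filter "DisplayName LIKE '%Express Server Tomcat%'" |
    ForEach-Object { Add-Check "Service: $($_.DisplayName)" $_.StartName ($_.StartName -eq $Account) }

# 2. Configured identity of the application pool (needs the WebAdministration module).
Import-Module WebAdministration
$pm     = (Get-Item 'IIS:\AppPools\LTESAppPool').processModel
$poolOk = ($pm.identityType -eq 'SpecificUser') -and ($pm.userName -eq $Account)
Add-Check 'App pool: LTESAppPool' "$($pm.identityType) / $($pm.userName)" $poolOk

# 3. Owners of the running processes. The w3wp.exe worker is matched by its pool name
#    and only exists after the site has served at least one request.
Get-CimInstance Win32_Process -Filter "Name='w3wp.exe' OR Name='tomcat8.exe'" |
    Where-Object { $_.Name -eq 'tomcat8.exe' -or $_.CommandLine -match 'LTESAppPool' } |
    ForEach-Object {
        $o     = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
        $owner = '{0}\{1}' -f $o.Domain, $o.User
        Add-Check "Process: $($_.Name) (PID $($_.ProcessId))" $owner ($owner -eq $Account)
    }

# 4. Explicit Allow entry with Full Control on etc and var. Rights granted through a
#    group are not detected here; the steps above add the user directly.
foreach ($dir in 'etc', 'var') {
    $path = Join-Path $ImageRoot $dir
    $aces = @((Get-Acl -LiteralPath $path).Access | Where-Object {
        $_.IdentityReference.Value -eq $Account -and $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $full) -eq $full
    })
    Add-Check "ACL: $path" "$($aces.Count) matching entries" ($aces.Count -gt 0)
}

$report | Format-Table -AutoSize
if ($report.Ok -contains $false) { Write-Warning 'At least one check does not match the expected account.' }
```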