Cannot Run Elasticsearch 7.2 As A Windows Service

Running on a fresh install of Windows Server 2012 R2 with all the latest updates. The only changes made to the OS are turning off the firewall(s), setting the hostname, and setting the IP address.

Reproduction

  • Unzip elasticsearch-7.2.
  • Run /bin/elasticsearch.bat from admin cmd prompt and everything works.
  • Run /bin/elasticsearch-service.bat install
  • Run sc start elasticsearch-service-x64, or use services.msc to start the Elasticsearch service; either way gives the error below.

2019-07-07 10:46:36 Commons Daemon procrun stderr initialized
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
Exception in thread "main" : Security misconfiguration: cannot access java.io.tmpdir
Likely root cause: java.lang.SecurityException: Unable to create temporary file or directory
	at java.base/java.nio.file.TempFileHelper.create(TempFileHelper.java:142)
	at java.base/java.nio.file.TempFileHelper.createTempFile(TempFileHelper.java:160)
	at java.base/java.nio.file.Files.createTempFile(Files.java:915)
	at org.elasticsearch.bootstrap.Security.selfTest(Security.java:416)
	at org.elasticsearch.bootstrap.Security.configure(Security.java:133)
	at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:216)
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349)
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159)
	at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150)
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
	at org.elasticsearch.cli.Command.main(Command.java:90)
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115)
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92)
Refer to the log for complete error details.

elasticsearch.yml Config

cluster.name: ESSec Test
node.name: ESSec
path.data: c:/ElasticStack/data/elasticsearch
path.logs: c:/ElasticStack/logs/elasticsearch
bootstrap.memory_lock: true
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["ESSec"]
cluster.initial_master_nodes: ["ESSec"]

Elasticsearch-service Manager Java Config

-Xms1g
-Xmx1g
-XX:+UseConcMarkSweepGC
-XX:CMSInitiatingOccupancyFraction=75
-XX:+UseCMSInitiatingOccupancyOnly
-Des.networkaddress.cache.ttl=60
-Des.networkaddress.cache.negative.ttl=10
-XX:+AlwaysPreTouch
-Xss1m
-Djava.awt.headless=true
-Dfile.encoding=UTF-8
-Djna.nosys=true
-XX:-OmitStackTraceInFastThrow
-Dio.netty.noUnsafe=true
-Dio.netty.noKeySetOptimization=true
-Dio.netty.recycler.maxCapacityPerThread=0
-Dlog4j.shutdownHookEnabled=false
-Dlog4j2.disable.jmx=true
-Djava.io.tmpdir=
-XX:+HeapDumpOnOutOfMemoryError
-XX:HeapDumpPath=data
-XX:ErrorFile=logs/hs_err_pid%p.log
-Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m
-Djava.locale.providers=COMPAT
-Dio.netty.allocator.type=unpooled
-XX:MaxDirectMemorySize=536870912
-Delasticsearch
-Des.path.home=C:\ElasticStack\elasticsearch\7.2
-Des.path.conf=C:\ElasticStack\elasticsearch\7.2\config
-Des.distribution.flavor=default
-Des.distribution.type=zip
-Des.bundled_jdk=true

Looking at the JVM options that are set during service creation vs. when run from the command line, there are some differences.

Elasticsearch as a service

-Djava.io.tmpdir=;

Elasticsearch executable

-Djava.io.tmpdir=C:\Users\ADMINI~1.WIN\AppData\Local\Temp\2\elasticsearch;
-Delasticsearch;-Des.path.home=C:\ElasticStack\elasticsearch\7.2;
-Des.path.conf=C:\ElasticStack\elasticsearch\7.2\config;
-Des.distribution.flavor=default;
-Des.distribution.type=zip;
-Des.bundled_jd=true

So running as an executable, it sets the java tmpdir to my local user account. The documentation says the following regarding this:

  • Remove service
  • Set System variable
  • Reboot system
  • Install service
  • All is right in the world again
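
The comparison made above, as an added example that is not part of the original post or of Elasticsearch: a Python script that parses two JVM option lists, reports the flags that differ, and checks whether `-Djava.io.tmpdir` points at a directory where a temporary file can be created. The function names and the abbreviated sample strings are assumptions made for this example.

```python
import os
import tempfile

# Constructed samples, abbreviated from the two option lists quoted in the post.
SERVICE_OPTS = "-Xms1g;-Xmx1g;-Djava.io.tmpdir=;-Des.distribution.type=zip"
CONSOLE_OPTS = (r"-Xms1g;-Xmx1g;"
                r"-Djava.io.tmpdir=C:\Users\ADMINI~1.WIN\AppData\Local\Temp\2\elasticsearch;"
                r"-Des.distribution.type=zip")


def parse_jvm_options(text):
    """Split a ';'- or newline-separated option list into {flag: value}."""
    opts = {}
    for raw in text.replace(";", "\n").splitlines():
        opt = raw.strip()
        if opt:
            flag, sep, value = opt.partition("=")
            opts[flag] = value if sep else None  # None: flag has no '=value' part
    return opts


def diff_options(service, console):
    """Return {flag: (service_value, console_value)} for flags that differ."""
    return {flag: (service.get(flag), console.get(flag))
            for flag in sorted(set(service) | set(console))
            if service.get(flag) != console.get(flag)}


def tmpdir_problem(opts):
    """Return why java.io.tmpdir is unusable for this process, or None."""
    path = opts.get("-Djava.io.tmpdir")
    if path is None:
        return None  # option absent: nothing to check here
    if path == "":
        return "java.io.tmpdir is set but empty"
    if not os.path.isdir(path):
        return "java.io.tmpdir does not exist: " + path
    try:
        # Same kind of probe as the failing startup self-test: create a temp file.
        with tempfile.NamedTemporaryFile(dir=path):
            pass
    except OSError as exc:
        return "cannot create a file in java.io.tmpdir: %s" % exc
    return None


if __name__ == "__main__":
    service, console = parse_jvm_options(SERVICE_OPTS), parse_jvm_options(CONSOLE_OPTS)
    for flag, (svc, con) in diff_options(service, console).items():
        print("%s: service=%r console=%r" % (flag, svc, con))
    print("service:", tmpdir_problem(service))
```

The writability probe reflects the permissions of whoever runs the script, so run it under the same account the service uses.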