Configuring the Services Server

On a fresh install, configuring the Services Server requires starting the Archer services.

Task 1: Verify the domain user account has access to network share and company_file directories on the network share

1. Ensure that the log file is on a local drive and not the network share.
2. From Archer Control Panel, verify the path to Logging on the Installation Settings tab. Make certain that the log file is on a local drive and not the network share.
3. In Explorer, verify that the Domain Account has Modify or Read/Write permissions.
4. Navigate to the network share and verify that the following folders have Modify or Read/Write permissions.
   • File Repository
   • company_files
   • Indexes

Task 2: Verify the X.509 certificate permissions

This task ensures that the service account used by the services have Read permissions to the relevant X.509 certificate private key. This certificate was specified during the initial installation. For more information, see X.509 Certificates.

1. Start the Microsoft Management Console (MMC). Do the following:
   1. Click Start and Run.
   2. In Open, enter :

      mmc

   3. Click OK. The Console Root window opens.
2. Click File > Add/Remove Snap-In.
3. In Available snap-ins, select Certificates and click Add.
4. Select Computer account and click Next. The Select Computer dialog box opens.
5. Select Local computer (the computer this console is running on), and click Finish.
6. Click OK.
7. Expand the Certificates (Local Computer) and the Personal folder, and click Certificates. If the certificate was created during the initial installation, the Archer Configuration certificate is listed.
8. Right-click Archer Configuration or the certificate specified during the installation and click All Tasks > Manage Private Keys.
9. In Group or User Names, do 1 of the following:
   • If the account is listed, go to the next step.
   • If the account is not listed, do the following:
     1. Click Add.
     2. In Enter the object names to select, enter the applicable object names, and click OK.
10. In Permissions for [account], do the following:
    1. At Full control, clear the Allow checkbox.
    2. At Read, select the Allow checkbox.
11. Repeat steps 9 and 10 for each account running the Archer Services.
12. Click OK, save and close the Console window.

Task 3: Make the certificate revocation list accessible

Each time a job process starts, it validates the Certificate Revocation List (CRL). If a Archer server does not have direct internet access, making the CRL distribution point inaccessible, a 15-second timeout occurs before the process can to continue. This timeout can introduce a significant delay for each job process that the Job Engine service starts.

To eliminate the 15 second delay, complete 1 of the following tasks:

Disable the certificate revocation list validation

Complete this task to disable CRL validation for the user account running the Job Engine service. Disabling CRL validation does NOT disable signature verification. The signing certificate still matches against the trusted root store.

1. Open Command Prompt.
2. Enter:

   wmic useraccount get name,sid

3. Click OK.
4. Find the SID for user account running Job Engine.
   1. At the Command Prompt, enter:

      RegEdit

   2. Go to HKEY_USERS > [SID of user account running Job Engine] > Software > Microsoft > Windows > CurrentVersion\WinTrust\Trust Providers > Software Publishing.
   3. In the right pane, double-click State.
   4. Change Value data (Hexadecimal) from 23c00 (default, checking enabled) to 23e00 (checking disabled).
5. Click OK.

Set a system-level HTTP proxy

Complete this task to set a system-level HTTP proxy so that any user who logs in to the system has Internet access without having to take another action. This situation may not be desirable behavior.

1. Open Command Prompt.
2. Enter:

   netsh winhttp set proxy proxy-server=”[MyProxyServer:port]” bypass-list=”<local>,”

   where [MyProxyServer:port] is populated with an actual proxy server and port number.

3. Press Enter.