topic Re: ArcGIS Server log4j vulnerability - running Log4Shell Mitigation Script in ArcGIS Enterprise Questions

ArcGIS Server log4j vulnerability - running Log4Shell Mitigation Script

Anonymous User — Tue, 21 Dec 2021 16:40:19 GMT

I followed the instructions in the https://support.esri.com/en/Technical-Article/000026951. I encountered the PermissionError after running "--delete" command (see below for the error). I stopped all ArcGIS Server services and restarted the server, but it didn't fix the problem. There are other ArcGIS Servers having the same issue in our organization. I would very much appreciate the solution to this issue.

PermissionError: [WinError 32] The process cannot access the file because it is being used by another process: 'C:\\Program Files\\ArcGIS\\Server\\framework\\lib\\shared\\log4j-core-2.11.1.jar'

Thank you,

Makiko

Re: ArcGIS Server log4j vulnerability - running Log4Shell Mitigation Script

JonEmch — Tue, 21 Dec 2021 17:41:29 GMT

Hey there, thank you for posting.

Couple of things, could you confirm that there are no other ArcGIS Components running on the machine in question? Also are you running the script with the service stopped?

Re: ArcGIS Server log4j vulnerability - running Log4Shell Mitigation Script

StevenBowden — Tue, 21 Dec 2021 22:21:42 GMT

On our windows 2016 server with ArcGIS Server 10.8.1 I think I had some sort of permission error as well when I ran the --delete option. I then ran the cmd prompt as administrator and the delete option worked without giving any error messages. At the time I was logged in as the user that did the ArcGIS install and the AGS runs as that user but I still needed to run the cmd as administrator though for it to work. Not sure if this is the same issue though.

Re: ArcGIS Server log4j vulnerability - running Log4Shell Mitigation Script

Anonymous User — Tue, 21 Dec 2021 23:01:06 GMT

Thank you so much for the quick response!!

>>no other ArcGIS Components running on the machine
I am not sure what is other ArcGIS Components mean. I checked Windows' task manager and stopped services that service names start with ArcGIS and SOC.exe. Is there another way to ensure all ArcGIS components are stopped?

>>Also are you running the script with the service stopped?
Yes, that I made sure.

I found the log4j-core-2.11.1.jar.bak file. I am just mentioning this since I have no clue regarding the issue.

I very much appreciate your assistance.

Thank you,
Makiko

Re: ArcGIS Server log4j vulnerability - running Log4Shell Mitigation Script

Anonymous User — Tue, 21 Dec 2021 23:04:20 GMT

Thank you for your input. I run the script in cmd as administrator. It seems the only way to run the script.

Re: ArcGIS Server log4j vulnerability - running Log4Shell Mitigation Script

JeffSmith — Thu, 23 Dec 2021 17:54:52 GMT

Not sure if you've gotten this resolved yet or not. It sounds like when you stopped the ArcGIS Server service, the javaw.exe process did not stop correctly. This would keep a lock on those jar files and generate the error you observed. If you kill that process, that should allow you to run the script.

To check if all processes are stopped after stopping the service, I use the task manager and sort the processes by the username. If you are using a unique service account for ArcGIS Server, it is pretty easy to confirm nothing else is running. This of course won't work if the service account is used for other services as well.

Re: ArcGIS Server log4j vulnerability - running Log4Shell Mitigation Script

JonEmch — Tue, 28 Dec 2021 18:43:49 GMT

Sure thing, by components I meant, are there any other ArcGIS Products installed on the machine. Additionally, I would set the auto start for the ArcGIS Server Service to "manual", reboot the machine, and try to run the script then.

Re: ArcGIS Server log4j vulnerability - running Log4Shell Mitigation Script

Anonymous User — Wed, 29 Dec 2021 15:08:36 GMT

I didn't see "javaw.exe" process in the Task Manager so I stopped two processes "OpenJDK Platform binary" and ran "log4shellmigration" script. It worked. After that I restarted ArcGIS Server service.

Thank you so much for all of your assistance!!

Makiko