AssetWise System Management Console Help

Using Service Manager

Service Manager is used to collectively manage the individual AssetWise services installed on this computer.

When you need to stop or start all AssetWise services on a particular computer at the same time, you can either use the Service Manager node in AssetWise System Management Console, or you can open the local Services window (Start > Windows Administrative Tools > Services) and use the eB Service Manager service listed there.

When you need to manage a particular AssetWise service, you must use the Service Manager node in AssetWise System Management Console. The Service Manager node lists the individual AssetWise services that are installed on a particular AssetWise server, along with the following information:

  • Status - shows whether the service is running or not
  • Startup Type - shows how the service is normally started
  • Log On as - shows the user account (service identity) the service runs under

By default, each AssetWise service is configured to start automatically (Startup Type is set to Automatic (Delayed Start)) whenever Service Manager is started. You can stop, start, or restart a service by right-clicking it in the list and selecting the appropriate option, or by using the icons at the top of the console. To stop and start all AssetWise services at the same time, click the Stop Service Manager and Start Service Manager icons at the top of the console.

For best performance, it is recommended that you set the Startup Type to Manual for any service on the computer that is not being used. To do this, double-click the service in the list and, on the General tab of the Properties dialog, turn off the option Automatically Start when the Service Manager is Started. This changes the Startup Type to Manual.

To Change the Service Identity

The user account that a service runs under (Log On as) is referred to as the service identity. The service identity is set for Service Manager and each individual service it manages during installation of AssetWise Server, or during any AssetWise installation that delivers some AssetWise services.

To change the service identity for Service Manager, you must use the local Services window:

  1. Open the local Services window.
  2. Right-click the listing for Service Manager and select Properties.
  3. Go to the Log On tab of the Properties dialog and change the user account.

To change the service identity for an individual service, you must use the Service Manager node in AssetWise System Management Console:

  1. Open a command prompt as administrator and run the following command:
    netsh http add urlacl url=https://+:<port>/Bentley/eB/Service/<ServiceName>/HostInstance/ user=<domain>\<user.name>

    For example:

    netsh http add urlacl url=https://+:443/Bentley/eB/Service/MailDistribution/HostInstance/ user=Bentley\Joe.User
  2. Open AssetWise System Management Console and select the Service Manager node.
  3. Right-click the service in the list whose service identity you want to change and select Properties.
  4. Go to the Log On tab of the Properties dialog and change the user account.

The user account you use as the service identity:
  • is recommended to be a Windows account
  • is recommended to have a password that is set to never expire
  • must be a member of the Administrators group on this computer (Control Panel > Administrative Tools > Computer Management > System Tools > Local Users and Groups > Groups)
  • must have the Log on as a service right on this computer (Control Panel > Administrative Tools > Local Security Policy > Security Settings > Local Policies > User Rights Assignments)
  • must have the Service Principal Name (SPN) configured in Active Directory which ties the user name with the HTTP service endpoint

If you are changing the service identity for an individual service, the following additional rights are needed:
  • Impersonate a client after authentication - on the service identity used by Service Manager
  • Log on as a batch job - on the service identity of the individual service you are changing

Note: If you use the Local System (NT AUTHORITY\SYSTEM) account for the service identity, you do not need to configure the Service Principal Name.
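
The requirements listed above can be checked before you change a service identity. The following PowerShell script is an added example, not part of the product or its documentation. It only reads configuration and uses the sample account, port and service name from the netsh example; the output property names are made up for this example.

```powershell
# Added example: read-only check of the service identity prerequisites. Run elevated.
# The three values below are the sample values from the netsh example above.
$Account     = 'Bentley\Joe.User'
$Port        = 443
$ServiceName = 'MailDistribution'
$Url         = "https://+:$Port/Bentley/eB/Service/$ServiceName/HostInstance/"

# Resolve the account to its SID; group and user-rights data are keyed by SID.
$Sid = ([System.Security.Principal.NTAccount]$Account).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value
$sidPattern = [regex]::Escape($Sid) + '(?!\d)'
$adminsSid  = 'S-1-5-32-544'   # well-known SID of the local Administrators group

# URL reservation made with "netsh http add urlacl": the account shows up by name
# on the User line or by SID in the SDDL line of the output.
$aclText  = (netsh http show urlacl url=$Url) -join "`n"
$urlAclOk = ($aclText -match [regex]::Escape($Account)) -or ($aclText -match $sidPattern)

# Direct membership only; membership through a nested domain group is not expanded.
$isAdmin = @(Get-LocalGroupMember -SID $adminsSid).SID.Value -contains $Sid

# Export the user rights assignments and look the account up under each right.
$inf = Join-Path $env:TEMP 'aw-user-rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
$rights = Get-Content $inf
Remove-Item $inf

function Test-UserRight([string]$Name) {
    $line = $rights | Where-Object { $_ -match "^$Name\s*=" } | Select-Object -First 1
    if (-not $line) { return $false }
    # Granted to the account itself, or inherited through the Administrators group.
    ($line -match $sidPattern) -or ($isAdmin -and $line -match "\*${adminsSid}(?!\d)")
}

# HTTP SPNs registered to the account in Active Directory (needs domain connectivity).
$httpSpns = @(setspn -L $Account 2>$null | Where-Object { $_ -match '^\s+HTTP/' })

[pscustomobject]@{
    Account            = $Account
    UrlReserved        = $urlAclOk
    LocalAdministrator = $isAdmin
    LogOnAsService     = Test-UserRight 'SeServiceLogonRight'
    LogOnAsBatchJob    = Test-UserRight 'SeBatchLogonRight'
    # Needed on the Service Manager identity; rerun with that account to check it.
    ImpersonateClient  = Test-UserRight 'SeImpersonatePrivilege'
    HttpSpns           = ($httpSpns | ForEach-Object { $_.Trim() }) -join '; '
}
```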

Service Manager Properties

There are some global Service Manager properties that you can apply to all services running on a particular server.

To access Service Manager properties:

  1. In the Explorer pane, select your server then select File > Properties.

General tab

  • Ssl Validation Mode - Controls server behavior when an invalid certificate is received from the caller. This also applies to internal calls. Possible options:
      • Throw (default, recommended) - Request will be rejected by the service if caller certificate cannot be validated.
      • Ignore (not secure) - Validation mechanism will be turned off.
  • Ssl Certificate Thumbprint - Semicolon-separated whitelist of certificate thumbprints that will be ignored by the validation mechanism when Ssl Validation Mode is set to Throw.
  • IMS Server Url - The Url of the Bentley identity provider (AssetWise Session Service) used to obtain IMS tokens.
  • IMS Audience URIs - The expected audience value the tokens server receives when users connect with IMS. Default value: https://assetwise.com/.
  • IMS Admin Claim Type, IMS Admin Claim Value - This setting pair determines which Bentley authentication accounts are granted administrative access rights to configure this server (equivalent to those of Windows Administrators group). Only used in special cases when Bentley authentication is used to manage a community in AssetWise System Management Console.
  • IMS Issuer Name - The Issuer name used by the IMS Server. Default value: https://imsoidc.bentley.com.
  • IMS Client Id - A client id supplied by Bentley to use for desktop application IMS logins.
  • IMS Client Scope - A valid scope supplied by Bentley in order to be allowed access to ALIM via IMS.

  • ALIM Token Issuer - ALIM only accepts tokens issued by an issuer with this name. Default value: ALIM.
  • ALIM Token Expiry (Minutes) - The ALIM internal setting for token expiry. Default value: 7200.
  • IMS Session Open Label - The ALIM internal setting for connections to Session service. Default value: alim.
  • IMS Session PAT Label - The ALIM internal setting for PAT handling. Default value: session.
  • IMS Session PAT Expiry (Days) - The number of days that the PAT is valid, when creating one from the Service Manager properties, Log On tab. Default value: 365.
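
Because every thumbprint in Ssl Certificate Thumbprint is exempt from validation, it helps to know which certificate each entry refers to and whether it is still current. The following PowerShell script is an added example, not part of the product; the thumbprints in $AllowList are constructed placeholders, and the 40-character check assumes SHA-1 thumbprints as Windows displays them.

```powershell
# Added example: resolve each entry of the semicolon-separated thumbprint list
# against the local machine certificate stores. Read-only.
# Constructed placeholder values; paste the property value from the dialog instead.
$AllowList = '00112233445566778899AABBCCDDEEFF00112233; aabbccddeeff00112233445566778899aabbccdd'

# Every certificate in every LocalMachine store (store containers are filtered out).
$certs = Get-ChildItem Cert:\LocalMachine -Recurse |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] }

$AllowList -split ';' | Where-Object { $_.Trim() } | ForEach-Object {
    # Drop spaces and invisible characters that get copied along with a thumbprint
    # from the certificate dialog, then normalize the case.
    $tp  = ($_ -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $hit = $certs | Where-Object Thumbprint -eq $tp | Select-Object -First 1

    [pscustomobject]@{
        Thumbprint = $tp
        WellFormed = $tp.Length -eq 40   # assumption: SHA-1 thumbprint, 40 hex digits
        Store      = if ($hit) { $hit.PSParentPath -replace '^.*::' } else { 'not found locally' }
        Subject    = if ($hit) { $hit.Subject } else { $null }
        NotAfter   = if ($hit) { $hit.NotAfter } else { $null }
        Expired    = if ($hit) { $hit.NotAfter -lt (Get-Date) } else { $null }
    }
}
```

An entry reported as not found locally may still belong to a caller whose certificate is not installed on this server, so treat it as an item to trace to its owner.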

Log On tab

  • Windows Account (read only) - The Windows account under which the Service Manager service is running (known as the service identity).
  • Bentley PAT Account - This setting is defined for special situations when Bentley authentication is used by the services. The account specified here is used for all services connecting to Bentley authentication endpoints. This account must satisfy IMS Admin Claim Type and IMS Admin Claim Value requirements on the ALIM Server in order to have elevated privileges. Also, the Background tasks feature must be enabled in AssetWise Session Service for the selected IMS account.

    To populate the values, click Create, and then log in with your IMS account in the browser window. After successful log on, a success message appears in the browser. Browser windows can be closed after the Bentley PAT Account values are visible in Service Manager properties. The PAT is controlled by the IMS Session PAT Expiry (Days) setting.

Overriding Properties for a Service

By default, all services inherit their properties from Service Manager. Each service can override this configuration from its own Service Properties dialog.

When a service's property value is inherited from Service Manager, an [A] is prepended to the property name. For example, a service's Ssl Validation Mode property becomes [A] Ssl Validation Mode, if the service inherits the value of that property from Service Manager. If a service has its own value for a property and you want it to go back to inheriting the value from Service Manager, simply delete the property value that was configured for that particular service.