Navigation:  System Requirements > Server side Requirements > Application Server Middleware (Servlet Engine) > Apache Tomcat > Recommended Servlet Engine (Tomcat) Configuration > Tomcat Security Settings

If there is a security guideline that your network component communication is restricted for certain authentication methods, these methods have to be synchronized with Apache Tomcat.

 

Note: If no LAN manager authentication level is set in your network or if LM, NTLM and NTLMv2 are not refused explicitly, you do not need to configure this setting.

 

Review your security setting of your GIS Server:

Execute secpol.msc, navigate to Security Settings, Local Policies, Security Options and double-click Network security: LAN Manager authentication level.

 

 

Set the level in Java option of Tomcat configuration by adding:

-DARCGIS_LM_COMPATIBILITY_LEVEL=

and add the value of the level chosen from this list:

 

Value Meaning

 
0 Clients use LM and NTLM authentication, but they never use NTLMv2 session security. Domain controllers accept LM, NTLM, and NTLMv2 authentication.
1 Clients use LM and NTLM authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication.
2 Clients use only NTLM authentication, and they use NTLMv2 session security if the server supports it. Domain controller accepts LM, NTLM, and NTLMv2 authentication.
3 Clients use only NTLMv2 authentication, and they can work with NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication.
4 Clients use only NTLMv2 authentication, and they can work with NTLMv2 session security if the server supports it. Domain controller refuses LM authentication responses, but it accepts NTLM and NTLMv2.
5 Clients use only NTLMv2 authentication, and they can work with NTLMv2 session security if the server supports it. Domain controller refuses LM and NTLM authentication responses, but it accepts NTLMv2.