Copy link to clipboard
Copied
Before I start working on manually migrating over CF11 fix19 setttings over.
I was trying to update newly installed CF services to run under domain account. This account
has logon as services permissions and is an Administrator on our 2019 Windows server.
I keep getting logon failure. I made sure this account has full rights to f:\Coldfusion2021 install folder and its subs.
ty Jose
Thank you all for your responses. I worked with my AD team and resolved issue.
Domain account needed logon access, although I though local policy to logon as a service and
this account being local administrator was enough.
Jose
Copy link to clipboard
Copied
I am seeing that Server Auto Lock down tool needs to be run to apply dedicated account etc. WHen i kick off,
pre-reqs read
Mandatory:
I am working on Dev then UAT then Production.
Copy link to clipboard
Copied
Could you please say what the problem is? Updating the server? Logging in? Installing the Lockdown tool? I cannot quite figure out what the problem is.
Copy link to clipboard
Copied
The issue was AD related unfortunately after troubleshooting for a while. Even though I thought I had all the correct permissions set on Windows Server and local policy. The Domain account did not have rights to logon to this host. I thought I could run Lock Down tool to set account to run as was what I was missing. LockDown only for Production as I pretty much summarized from documentation.
ty for reaching out.
Jose
Copy link to clipboard
Copied
I've always been kind of squeamish about using the lockdown tool, because every lockdown situation I've run into in real life has been a little bit different from one place to another. That said, I think you have to take care of your AD accounts yourself, I don't think the lockdown tool can do that and it assumes you've set those up correctly. Ideally, you'd set the preconfiguration process up as a PowerShell script that you could easily move from one server to another. You'd then be more likely to know what's the same and what's different on your own servers.
Dave Watts, Eidolon LLC
Copy link to clipboard
Copied
Thank you all for your responses. I worked with my AD team and resolved issue.
Domain account needed logon access, although I though local policy to logon as a service and
this account being local administrator was enough.
Jose
Copy link to clipboard
Copied
@josed56603254 , thanks for the update and for sharing the solution.