CF2021 Lockdown Failure

Report · Oct 02, 2022

Is there a way to undo the ColdFusion 2021 lockdown tool?

I was following the lockdown guide and did skip one step (Setting up a separate drive to host my website files) which may be the cause of my problems: After running the lock down software for ColdFusion 2021, I can only partially access my IIS-based sites by using 127.0.0.1, and that is only partially. Otherwise, I am hitting server errors such as:

"The requested page cannot be accessed because the related configuration data for the page is invalid. Cannot add duplicate collection entry of type 'add' with unique key attribute 'url' set to '/jakarta/isapi_redirect.dll'"

I am sure it is some sort of file permissions error, but I have no idea where to start to restore my site.

Thank you

Report · Oct 02, 2022

I think I have only good news for you. First, you may not need to uninstall. Also, I doubt the error is a permission issue.

As for the error, that's an indication that some iis config element (xml) being set at the site level is already defined at the server level. There should be more detail in the error message page than what you quoted, indicating the file (perhaps web.config) and its path, as well as the line number.

If not, look for a web.config file in the root of the failing site, and look for some element referring to that isapi_redirect.dll, and especially a url attribute, as indicated in the error. Comment out that element (using html/xml rather than cfml comments), save the file, and repeat your request. You may see a new error, but there are not many such xml elements for cf.

Second as for the lockdown tool:

Yes, there is an uninstall for the autolockdown tool. It would have ben implemented with the installation, and should be available in an uninstall folder under the tool's folder.
There is also a log for the tasks performed, found under a lockdown folder with the cf folder
For more on the above, see two key Adobe resources on the tool, the docs and an Adobe blog post.

Let us know how things go. (I can help directly if interested, but clearly I'm also happy to help for free here.)

/Charlie (troubleshooter, carehart.org)

Report · Oct 02, 2022

Thank you so very much, Charlie. Your help is so on point, and on a Sunday. Do you have a tip jar or something?

I couldn't seem to fix that problem, so I did uninstall the lockdown and it got me back to a working state.

Report · Oct 02, 2022

Thanks for the kind regards. No tip jar, pe se, but I do have a link to my Amazon wish list on my blog. 🙂 Of course, we're all here to help each other. And as for it being Sunday, I happen to be in Vegas for the CF Summit starting tomorrow, and I was at my computer when you posted your challenge.

Bummer you weren't able to solve it before uninstalling, but I sense you feel the info may still help you going forward, and of course I hope it may help others who find this thread.

/Charlie (troubleshooter, carehart.org)

Report · Oct 03, 2022

Thanks again. I did send you something from your list.

Unfortunately, I wound up reinstalling ColdFusion because the uninstall of Lockdown didn't put things back and there were some weird things left (like getting errors about my clusters even though I never set that up, and certain features not working in CFforms.
Anyway, enjoy the conference. Sounds great.

Report · Oct 03, 2022

Again, thanks for that kindness. 🙂 and bummer that you had to go that route. For future reference, I'm confident that the problems could have been resolved, but I realize that in some cases, reinstalling will seem more expedient. And you've rerun the lockdown tool to your satisfaction? If so, great.

/Charlie (troubleshooter, carehart.org)

Report · Oct 03, 2022

No, I have not re-run the lockdown tool. The conditions that I ran it under previously are really the same, so I wouldn't expect different results. I think I'll need to do the changes manually.

Report · Oct 03, 2022

Oh, well, you certainly SHOULD be able to run it and have no problem. If you have a problem, it should be reported to Adobe and should be able to be fixed until they do. And note that the tool takes note of what it changes (and makes backups of some things) that it can restore on uninstall.

But I gather you're "once burnt, twice shy". So if you'll resort to manual lockdown, I understand. Sadly, the lockdown guide since cf2018 has been rewritten to presume one DOES use the lockdown tool.

/Charlie (troubleshooter, carehart.org)

Adobe Community

CF2021 Lockdown Failure

1 Correct answer