I have downloaded the latest version of the auto-lockdown tool from the adobe website and have the latest CF update/hotfix (13) installed. I have tried running the auto-lockdown tool (for Windows/IIS) several times , following the lockdown guide to the letter. I was able to install this on another server with no issue. I have tried the following multiple times:
1. running tool, uninstalling tool , running tool again
2. running tool, uninstalling tool, uninstalling CF, uninstalling IIS, deleting the user created by the tool, clearing partitions, restarting server, reinstalling CF, running tool
Everytime I run the tool, it finishes, but says there are errors. In the installation log, the only thing that looks odd is after it tries to remove the new CF user from all groups - it says "Failed to create the user!", but doesn't specify what user it's trying to create (The new CF User account was already created earlier in the process, so maybe it's an IIS User?):
2025-04-15 14:20:40 INFO - Removed all unwanted groups!
2025-04-15 14:20:40 INFO - Trying to give permissions to the user!
2025-04-15 14:20:40 INFO -
2025-04-15 14:20:40 INFO - Failed to create the user!
2025-04-15 14:20:40 INFO - Rolling back the changes because of the Lockdown failure
2025-04-15 14:20:40 INFO - Nothing to rollback as Lockdown has been successful!
...it then proceeds to rollback everything:
2025-04-15 14:20:40 INFO - Rolling back: getRequestFilteringData
2025-04-15 14:20:40 INFO - Now trying to delete all settings for website: mysite
2025-04-15 14:20:40 INFO - First, trying to remove all allowed sequences
...and ends with the following:
2025-04-15 14:20:43 DEBUG - com.zerog.ia.api.pub.NonfatalInstallException
at com.adobe.ia.action.coldfusion.LockdownColdFusion.install(LockdownColdFusion.java:76)
at com.zerog.ia.installer.actions.CustomAction.installSelf(Unknown Source)
at com.zerog.ia.installer.InstallablePiece.install(Unknown Source)
at com.zerog.ia.installer.InstallablePiece.install(Unknown Source)
at com.zerog.ia.installer.InstallablePiece.install(Unknown Source)
at com.zerog.ia.installer.InstallablePiece.install(Unknown Source)
at com.zerog.ia.installer.GhostDirectory.install(Unknown Source)
at com.zerog.ia.installer.InstallablePiece.install(Unknown Source)
at com.zerog.ia.installer.Installer.install(Unknown Source)
at com.zerog.ia.installer.actions.InstallProgressAction.ae(Unknown Source)
at com.zerog.ia.installer.actions.ProgressPanelAction$1.run(Unknown Source)
Strangely, it doesn't rollback/delete the new CF User Account it created.
I've attached the full lockdown installation log for context.
Can someone help me figure out why this won't complete successfully? I noticed while trying to run the lockdown tool, I couldn't get past the "create a CF user" step without several tries trying different passwords, until it finally accepted one that was pretty short. Are there undocumented password requirements for the lockdown tool? Could there be an issue with the lockdown tool accepting/using password of the main Windows Administrator account (it has special characters and such)?
AdChoices