• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Error in CF 2018 Auto Lockdown: Failed to change the logon users for ColdFusion services

New Here ,
Nov 11, 2019 Nov 11, 2019

Copy link to clipboard

Copied

I have a newly installed Win 2012 R2, IIS and CF 2018 Enterprise. Two websites set up in IIS, two instances created in CF, websites are not connected to cf yet. Static html is served perfectly by iis.

Following the instructions of the lockdown guide I run the lockdown program for one of the cf instances and the corresponding website. Autolock completed, but says there were errors.

In the logfile I found these statements where the error occurred:

2019-11-11 16:26:05 INFO - Change Permissions of ColdFusion file system: Error Logs
2019-11-11 16:26:05 INFO -
2019-11-11 16:26:05 INFO - Permissions changed for the user: IUSR for the path: "C:\cf18ent\cfsandbox\wwwroot\cf_scripts"
2019-11-11 16:26:05 INFO - Folder permissions changed!
2019-11-11 16:26:05 INFO - Successfully setup file system permissions for ColdFusion!
2019-11-11 16:26:05 INFO - Setting up registry permissions for ColdFusion!
2019-11-11 16:26:05 INFO - Now starting to change registry permissions!
2019-11-11 16:26:06 INFO - ColdFusion version is: 2018
2019-11-11 16:26:06 INFO - Now getting all registry keys!
2019-11-11 16:26:06 INFO - All registry keys to change received!
2019-11-11 16:26:06 INFO - Registry permissions were successfully changed!
2019-11-11 16:26:06 INFO - Successfully changed the registry permissions for ColdFusion!
2019-11-11 16:26:06 INFO - Changing logon users for ColdFusion services
2019-11-11 16:26:06 INFO - Trying to change logon user for ColdFusion
2019-11-11 16:26:07 INFO - Changing for: ColdFusion 2018 Application Server cfsandbox
2019-11-11 16:26:07 INFO - [SC] ChangeServiceConfig ERFOLG

2019-11-11 16:26:07 INFO - Failed to change the logon users for ColdFusion services!
2019-11-11 16:26:07 INFO - Rolling back the changes because of the Lockdown failure
2019-11-11 16:26:07 INFO - Rolling back: changeRegistryPermissions
2019-11-11 16:26:07 INFO - Reverting back the registry permissions changed during Lockdown
2019-11-11 16:26:08 INFO -
2019-11-11 16:26:08 INFO - Registry key not found. Caught NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
2019-11-11 16:26:08 INFO -
2019-11-11 16:26:08 INFO - SYSTEM\CurrentControlSet\Services\ColdFusion 2018 Application Server key permissions were changed.

So the error log claims that the service logon user could not be changed. But the service user has been changed succesfully, as I could see at the services window.

I have restarted the autolockdown program with administrative privileges, but the same error occured.

Funny thing: From my experience with manually locking down CF 2016, I checked the directory permissions and web connector settings in IIS, which both seems to be OK for me, so the autolock is partially succesfull, but does not complete.

What shall I do to get the autolock programm get working succesfully and complete the lock down process? And is there a guide for a manual lock down for CF 2018, or can I use the manual guide for 2016 either?

Any advice will be highly appreciated.

Best regards from germany

Ralf

TOPICS
Server administration

Views

333

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Nov 13, 2019 Nov 13, 2019

Copy link to clipboard

Copied

LATEST

Hi Ralf,

 

You lockdown has failed. That is why you are seeing this error. After failure, we rollback all the changes that might have gone in during lockdown.

After failure, we change the logon user permissions to the Admin user supplied during installation

One probable reason for failure is you selected the ColdFusion runtime user present as Yes, but the user didn't actually exist.

Can you recheck?

 

Also, Lockdown Guide for ColdFusion 2018 link is: https://www.adobe.com/content/dam/acom/en/products/coldfusion/pdfs/coldfusion-2018-lockdown-guide.pd...

 

Thanks,

Kailash

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation