Copy link to clipboard
Copied
I have a newly installed Win 2012 R2, IIS and CF 2018 Enterprise. Two websites set up in IIS, two instances created in CF, websites are not connected to cf yet. Static html is served perfectly by iis.
Following the instructions of the lockdown guide I run the lockdown program for one of the cf instances and the corresponding website. Autolock completed, but says there were errors.
In the logfile I found these statements where the error occurred:
2019-11-11 16:26:05 INFO - Change Permissions of ColdFusion file system: Error Logs
2019-11-11 16:26:05 INFO -
2019-11-11 16:26:05 INFO - Permissions changed for the user: IUSR for the path: "C:\cf18ent\cfsandbox\wwwroot\cf_scripts"
2019-11-11 16:26:05 INFO - Folder permissions changed!
2019-11-11 16:26:05 INFO - Successfully setup file system permissions for ColdFusion!
2019-11-11 16:26:05 INFO - Setting up registry permissions for ColdFusion!
2019-11-11 16:26:05 INFO - Now starting to change registry permissions!
2019-11-11 16:26:06 INFO - ColdFusion version is: 2018
2019-11-11 16:26:06 INFO - Now getting all registry keys!
2019-11-11 16:26:06 INFO - All registry keys to change received!
2019-11-11 16:26:06 INFO - Registry permissions were successfully changed!
2019-11-11 16:26:06 INFO - Successfully changed the registry permissions for ColdFusion!
2019-11-11 16:26:06 INFO - Changing logon users for ColdFusion services
2019-11-11 16:26:06 INFO - Trying to change logon user for ColdFusion
2019-11-11 16:26:07 INFO - Changing for: ColdFusion 2018 Application Server cfsandbox
2019-11-11 16:26:07 INFO - [SC] ChangeServiceConfig ERFOLG
2019-11-11 16:26:07 INFO - Failed to change the logon users for ColdFusion services!
2019-11-11 16:26:07 INFO - Rolling back the changes because of the Lockdown failure
2019-11-11 16:26:07 INFO - Rolling back: changeRegistryPermissions
2019-11-11 16:26:07 INFO - Reverting back the registry permissions changed during Lockdown
2019-11-11 16:26:08 INFO -
2019-11-11 16:26:08 INFO - Registry key not found. Caught NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
2019-11-11 16:26:08 INFO -
2019-11-11 16:26:08 INFO - SYSTEM\CurrentControlSet\Services\ColdFusion 2018 Application Server key permissions were changed.
So the error log claims that the service logon user could not be changed. But the service user has been changed succesfully, as I could see at the services window.
I have restarted the autolockdown program with administrative privileges, but the same error occured.
Funny thing: From my experience with manually locking down CF 2016, I checked the directory permissions and web connector settings in IIS, which both seems to be OK for me, so the autolock is partially succesfull, but does not complete.
What shall I do to get the autolock programm get working succesfully and complete the lock down process? And is there a guide for a manual lock down for CF 2018, or can I use the manual guide for 2016 either?
Any advice will be highly appreciated.
Best regards from germany
Ralf
Copy link to clipboard
Copied
Hi Ralf,
You lockdown has failed. That is why you are seeing this error. After failure, we rollback all the changes that might have gone in during lockdown.
After failure, we change the logon user permissions to the Admin user supplied during installation
One probable reason for failure is you selected the ColdFusion runtime user present as Yes, but the user didn't actually exist.
Can you recheck?
Also, Lockdown Guide for ColdFusion 2018 link is: https://www.adobe.com/content/dam/acom/en/products/coldfusion/pdfs/coldfusion-2018-lockdown-guide.pd...
Thanks,
Kailash