We've installed CF 2018 but are having an issue running the Auto-lockdown tool for 2018 Server. It won't accept the CF admin credentials we put in as valid. We've confirmed multiple times including copy/paste from notepad into both CF admin and into Auto-lockdown tool and CF Admin logs in fine. Just Auto-lockdown won't accept. Anyone else hit this?
I have tried setting the cf admin login to both "use a single password only" as well as the "separate user name and password authentication". Neither makes a difference...
No one else hit this?
To add a little info... we've tried re-installing CF 2018 again (after uninstall and reboot) and still same issue. We did realize though that when we install CF 2018 installer isn't giving us that screen that ties the install to iis... instead we have to use wsconfig.exe after we install to add the connection. Perhaps the cause of that is related to our issue?
Can you share the the content of the logs generated?
The log file will be generated in [CF Home]\lockdown\cfusion\Logs directory
File name starts with Server......
Also, what profile have to installed lockdown with?
Finally, what port are you supplying for the administrator? Is the internal webserver port (something like 8500/8501 etc) or the webserver port (80 or 443)?
Server Auto-Lockdown will work only for the internal webserver ports as according to the lockdown guide, we don't want the users to be opening ColdFusion Administrator using the webserver ports
Hi Kailash and Pete,
I looked through the logs and did find one error there in the other file that starts with Adobe_Coldfusion...
|Additional Notes: ERROR -||class com.adobe.ia.action.iis.WebserverValidator.install() runtime exception:|
For the profile I installed CF with Production + Secure.
And for port I'm using 8500 which gives me the admin fine if I pull it up in a browser and I can use the credentials there without issue.
I'm wondering as noted above if related to the same reason why we don't get the iis setup screens during cf install but instead had to go in after and run wsconfig.exe. Is there something about our IIS setup that perhaps isn't right/complete?
Thanks both of you for your help!
Lets get on a call to better understand this issue. Can you share your email and a suitable time for you (along with your timezone)?
We sit in the IST time zone
OMG... might have this figured out... will update shortly!
Here's the OMG moment...
You can't use the symbol & in your cf admin password for when doing the lockdown!!!!!
It's ok for cf and you can login to the admin but the lockdown tool won't accept it...
P.S. - Thanks to Sandip at Adobe who mentioned there were issues originally with ? in password which made me re-asses the password usage of &. Thanks Sandip for your tireless help the past few days working through various issues. Amazing support from Adobe. Nice to see after using/praising CF since around 1996...
Good to know Fred, thanks for sharing the details.
No worries Pete. Hopefully can avoid someone else hitting their head against their desk in the future.
Thanks for the information fred.
No worries Kbihani1. Now if can only solve my other issue (see other thread)... hitting head against desk...
I have run the lockdown installers several times and I haven't hit that issue yet. So I would guess that it is not really that your password is incorrect, but rather it is having trouble with something else. When you do hit an error with the lockdown installer it is not always very obvious what the problem is. Certainly dig into the logs as Kailash mentioned that usually helps.
And here is another limitation, at least at win 2012 R2: The password for the user for the CF service must not be longer than 14 characters. If the password is longer than 14 chars, the auto lockdown will not be able to assign the user to the cf service and will not complete.
I am experiencing the same issue with the CF 2021 auto-lockdown tool. I can login to the CF admin console using the root password just fine, but those same credentials will not work for the auto-lockdown tool. I have not run into this issue with the auto-lockdown tool for previous CF versions. I have tried various different passwords, restarting CF multiple times, both single password and multi user settings, even no authentiction required, enabled/disabled concurrent login sessions. I've tried just a simple password with not special characters (i.e. apple). Nothing works. Anyone have any suggestions?
I should also mention that I am just using the default port 8500 and default username of admin at this time.
After checking the logs, I was getting errors due to certain packages not being installed (I used the new "lightweight" zip deployment/install process ... which apparently is only "lightweight" because it leaves out a bunch of packages that you are going to just have to install manually anyways ... brilliant!!). One by one, I installed the missing packages (first PDF, then Feed, then Search) until I stopped seeing errors and then lo and behold, it started accepting my credentials. Could it just not have told me I needed to install those packages instead of telling my my credentials were invalid? Or at least tell me there were errors and where to check? Just mind numbingly bad. This was way more painful than it needed to be.
That's certainly interesting. Thanks for sharing it.
So the bottom line is that your inability to login to the cf2021 auto-lockdown tool was because you were running it against a cf2021 implemented via the zip install process, where you'd not yet implemented any modules via the new tool cfpm, right?
It surely seems reasonable to expect it should work in this case, and it's worth your reporting as a bug at tracker.adobe.com. Of course, the zip installer is quite new, and there may be rather few folks who would do all 3: install via the zip, not implement any modules at all, and run the lock down tool. But it should be expected to work, I'd agree .
Thanks for the follow up, Charlie. I had installed some modules already, but only when errors cropped up due to them not being installed (this was before I started the lockdown process). And using the zip install process was the only way I could even get a working CF2021 instance up and running. I initially used the GUI install, but the result was that the CF admin console would never load. This is my first CF2021 install and so far it has not been near as smooth of a process as previous CF installs I've done over the last 15 years or so. I'll be sure to report to tracker.abobe.com when I get a chance.