Need some assistance... After upgrading to CF 11, we have some users who's AD accounts are being locked out while using a CF program. This wasn't happening on our previous version of CF. The code has not changed in any of the programs which leads me to believe that it's either a setting in IIS or in ColdFusion. Any ideas or suggestions?
Is CF11 on a different server from your previous version of ColdFusion? Were you using Anyonymous authentication in IIS on your old server and do not have that enabled on the new server?
Hello Carl -
Totally new environment but configured the same as the previous environment. Anonymous has been setup but removed for this one particular application since we need to know exactly who the user is without them having to login . The application seems to work as expected. For some users, their AD account is locked out after they use the system or have been in the system moving around. For others, like me, it works fine. We have a few hundred users using the system and maybe 50 or so being locked out. The browser cache has been cleared, any saved passwords locally have been cleared, etc... Nothing in the code has changed which leads me to either IIS or CF11 or some kind of new setting that was present in the older versions.
Unless you've wired up some CFLDAP functionality, most likely your authentication is being done entirely in IIS. You said the new environment is configured the same as the previous environment, but have you verified that all of the same permissions are applied to the application folder(s)? If you are using Windows Authentication, IIS will use the domain credentials to verify the user actually has read access to the file being served to ColdFusion. If you haven't made all of the application folders' permissions exactly the same as before, some users might get "locked out" of parts of the application.