Hello I just enabled Legacy mode authorization in Jenkins and it seems that it has now locked me out of all the administrative privileges.
I need to create an admin account so that I can continue with Jenkins configuration. I have direct access to the server and have tried running this line from command line:
java -jar jenkins.war --argumentsRealm.passwd.jenkins=swordfish --argumentsRealm.roles.jenkins=admin Jenkins starts but I am unable to access it from the web when starting from command line.
I've also tried starting Jenkins through services.msc, which is how I typically start it, and passing it the parameters --argumentsRealm.passwd.jenkins=swordfish --argumentsRealm.roles.jenkins=admin. Jenkins starts and I am able to access it through the web, but unable to log in with the username.
Any ideas how get admin access back?
I deleted the entries related to security and authentication in the config.xml, restarted, and I am able to access again. I was able to add myself as an admin using matrix based security. Still not sure how to do it with legacy tho.
Recently, I had the same problem. I would try to login to jenkins (hosted on glassfish), and would encounter the same thing. Basically getting a glassfish error that the application was not available. If I cleared all temporary internet files from browser, browse to jenkins home page, I would be presented with the Jenkins login, and when I provided the correct userID and password, WHAMMO! Back to application not available.... This too was using matrix-based administration.
To fix:
Locate the config.xml of the userID that is experiencing problems, under "users" directory.
Deleted the "apiToken" tag under "jenkins.security.ApiTokenProperty" tag.
Bounced glassfish and was able to login again.
Related
WAS is configured to use an Active Directory to authenticate, but the default admin account was left on the local file repository. When the AD connection is working we are able to login to the admin console using the default admin account, but when AD is down we are not able to use the default admin account to login. Any ideas as to why this is happening?
Any help would be greatly appreciated.
Check this link Unable to authenticate when a repository is down. You didnt write which version you are running, but by default if one of the federated repos is down you will not be able to log in.
You can use updateIdMgrRealm wsadmin command to set the –allowOperationIfReposDown parameter to true. This will allow you to log in with the user from working repository.
I deployed Hudson war in Websphere 8.5 and it was successfully deployed and first time I tried the Hudson url workied fine and in the Manage Hudson I confifured LDAP details and saved without validated. Now when I tried the Hudson url http://localhost:port/hudson it is always asking the User name and password tried a lot uninstall the Hudson application deleted the profile recreated and redeployed Hudson but still Hudson is asking the User name and password. I am unable to find the config directory in websphere and also I don't know how to by pass this. Please any body help on this where to change and to go Manage Hudson page without login.
Take a look at root configuration file config.xml stored in HUDSON_HOME directory. This config file contains configured user security and LDAP configuration.
Find line
<useSecurity>true</useSecurity>
and replace it with
<useSecurity>false</useSecurity>
HTH
I have IBM RAD / WebSphere 7 installed locally. My web application I'm developing runs fine.
I'm trying to log into the WAS admin console.
In the "Servers" view, I right-click the server > Administration > Run Administration Console ... but I get a "webpage cannot be found" error page.
In Firefox, I attempt to browse to the admin console URL, I tried each of the following but no luck:
http://localhost:9091/ibm/console/logon.jsp
http://localhost:9091/ibm/console/
http://localhost:9060/ibm/console/
http://localhost:9060/admin
Any ideas what the URL is?
Or, alternately, if the admin console is not starting due to some error, is there a log file somewhere where I can find the error?
Any help is greatly appreciated!
Rob
The third of those would normally be the correct one, but the port number depends on what happened during the profile creation process. Find the profile directory and then look in the properties directory for the portdefs.props file. That will tell you what the correct port number should be.
It is possible to create a profile without the admin console application, in which case it will obviously never work. You could also try running wsadmin from the profile bin directory to see whether you can connect to the admin service that way.
Any errors from the admin console application will be reported in the normal log files in the profiles/profilename/logs/servername directory.
I'm trying to run a simple ASP.NET application with basic authentication on an IIS server. Interestingly, the authentication works fine on almost all servers except my production server. When I deploy the application on that machine, it keeps prompting me over and over for the credentials. Unfortunately, it is a lab machine that I don't have access to and I'm not able to view the logs either.
It's an IIS 7.5 server running on a Windows 2008 VM server I guess, and the content folder (where the default app is pointing to) is on shared with us (we have write access to that folder and that's how we are deploying our applications).
Outside authentication settings on the server, what other things could be causing the issue? Please advise.
Most probably this is a access permission to resources used by the web application.
The reason you see this repeatedly login prompt is that the account doesn't have the needed permissions.
First you have to determine if you are using impersonation or not.
If you do impersonate, the authenticated accounts need the necessary permissions.
If you don't impersonate, the application pool account needs the necessary permissions.
So what's the needed permissions?
Well, that could be a lot of things, and we don't know the details of your application.
Do you connect to a database?
Then you have to make sure that current account context has the right permissions to connect to the DB.
Do you read images/files from disk?
Then you have to make sure that current account context has the right permissions to access those resources.
If it is file resources that you are accessing, I would recommend you to use Fiddler and determine which path(s) you'll need to address. It will tell you by those 404 errors.
EDIT: Make sure that your app pool account has the needed permissions for this DLL you mention. Where does it fetch this list from? Is it static in the DLL? Where's this DLL located?
Please also check the event logs on the server for any related errors at the time you try to logon.
Scenario:
I set up successfully TFS2010 webdeploy task for solution. Everything worked fine until suddendly something went wrong in the deployment task.
Solution has 2 web projects..those are configured to deploy on build and publish it to the dev-server.
Does anybody have a knowledge what is wrong in build (information below)?
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v10.0\Web\Microsoft.Web.Publishing.targets
(3847): Web deployment task failed.
((4.8.2011 11:01:10) An error occurred when the request was processed on the remote computer.)
(4.8.2011 11:01:10) An error occurred when the request was processed on the remote computer. Unable to perform the operation. Please contact your server administrator to check authorization and delegation settings.
I can give more information if someone needs it.
I encountered the same issue when building via TFS. When I tried to manually import the website I got a more informative error: "not able to log on the user \WDeployConfigWriter".
Turns out that when you install web deploy it sets up two local accounts WDeployConfigWriter and WDeployAdmin. The passwords on these accounts are set to expire. So reset the passwords on the web server and set to "never expire". Then go to Management Service Delegation in IIS. Each of the presented rules has a UserName field. Where it is WDeployAdmin or WDeployConfigWriter right click and update the credentials to the new passwords.
A full explanation with screenshots can be found here: http://workinghardinit.wordpress.com/2011/07/18/wdeployconfigwriter-account-issues-trouble-shooting-web-deploy-2-0-with-lessons-learned/
All you have to do is re-run the script "AddDelegationRules.ps1" located in "C:\Program Files\IIS\Microsoft Web Deploy V3\Scripts\"
This is the script that is run when web deploy is first installed. It will re-create any missing delegations, re-set the passwords for both WebDeployAdmin and WebDeployConfigWriter, and add WebDeployAdmin back to the Administrators group.
You would still need to set the password on each account not to expire after re-running the script.
We had the same issue-- in our case we are only using MSDeploy (without TFS). Resetting the password for those 2 local accounts (WDeployConfigWriter and WDeployAdmin) solved the problem as their passwords had expired. We attempted to change the password policy to never expire, but only a local Administrator can do that.
run this command lusrmgr.msc
double click on user and
double click the account name, and tick "password never expires".
Done.
In my case it was a botched install of Web Deploy.
Uninstalling then re-installing Web Deploy fixed it for me -- Repairing didn't help.