I installed ColdFusion 10 on a Windows Server 2008 R2 a couple months ago with no problems. I have been testing the server since without it plugged into the network and have had no problems. Yesterday I plugged it into our network and everything worked like a charm with the exception of SMTP. I was troubleshooting SMTP and finally realized this morning that I needed to set the SMTP in ColdFusion. I tried to login to the ColdFusion Administrator and it said it was an "Incorrect Password". I was able to successfully login to the Admin yesterday multiple times but not today.
I have run the passwordreset.bat and selected "1" then typed in the new password and confirmed the password then the popup went away. I restarted the ColdFusion service then closed the browser and reopened the browser and typed the password and still received the "Incorrect Password".
I also went into the "neo-security.xml" file and changed the "admin.security.enabled" boolean value from "true" to "false" to get into the Administrator without a password. I was able to login to the Administrator without a password but when I made a change and hit "Submit" it didn't accept the change and it gave me an error:
"There was an error accessing this page, check logs for more details.
The log file showed the following error:
"There was an error while verifying the token. Either the session timed out or un-authenticated access is suspected."
I'm not really sure what else to do at this point besides re-install ColdFusion which is my last resort on a production server. If anyone has any possible solutions please let me know.
Can you please "admin.security.enabled" boolean value from "false" to "true" and reset your currect browser, also try to access the administrator from a different browser and from the different machine.
Please let me know that fixes the issue.
I went back in and set the value back to true then reset the browser on the server. When I attempt to login to the CF Admin from the server it still tells me the password is incorrect. I was able to go to a workstation and access it through a browser and login successfully there. I don't understand why I can access it via a browser on a workstation but not at the server where it actually resides.
Thanks for your response.
Can you please try to access the ColdFusion Admin in your workstation by using the machine IP address instead of Localhost or 127.0.0.1 and check if that will help.
At further investigation as Shilpi recommended I send the network request/response. I found that the URL path I was using http://localhost:8888/cfusion/CFIDE/Administrator/
I did tried on 3+ machines and all browser I can get (IE, FF, Chrome, Safari) with no luck.
However, I solved the problem. For some reason, I start the IIS "Default Web Site" which makes http://localhost works. Then I browse to localhost/CFIDE/admistrator and everything works!!! But it works for localhost only, if I put the real IP or the real url, it doesn't work.
Anyone has any clue?
I think the default setting in the CF 10 Administration is for localhost access only and I would not recommend changing this setting. A vast majority of CF hacks are related to CFIDE/Administrator access. I recommend going further and removing CFIDE as a virtual directory on your sites and create a new one that points to an empty directory then add a scripts virtual directory under it that points back to the original CFIDE/scripts directory. There are one or more threads on this site that describe the process.
I had the same issue accessing cfadmin from the browser on the server. For me the issue was that the browser couldn't download and exeute the script "/CFIDE/administrator/sha1.js", needed for the cfadmin login form to work, due to IE running in protected mode by default on Windows Server.
My solution was to add the server URL to the "trusted sites" zone in Internet Explorer.
Hope this helps.