[SOLVED] Lost access to admin account due to reboot

Good morning,

I was logged into an admin account on Ignition 8.1.12 and an operator rebooted the gateway PC. I then tried logging into the admin account several times, which locked out the account (it was rebooting).

Luckily there was a backup admin account we could access, but now we can’t log in to the primary admin account. We can create new admin accounts and log in, but if we create an admin account with the original account name (new password) we can’t log in to that account.

We have tried a reboot and got nothing.

Is there anything else we can do to recover the original admin account?

The lockout of an account is time-based (default of 15 minutes, see properties here: Classic Authentication Strategy - Ignition User Manual 8.1 - Ignition Documentation). You can also re-save a given user source to reset any active lockouts.

Are you getting anything useful in the gateway logs when attempting to login with this account?

Give me a minute. Trying this now…

So I deleted the user admin, re-added them, tried to login, and it failed. This is the only log message from that event.

And just to confirm, you’re deleting the user and re-adding to the same user source that is configured as System User Source under Config → Security → General?

Yes, I am dealing with the default user source of type Internal. I have no problem creating any other admin account and it works fine. The sole problem is the ‘admin’ account.

It looks like, based on your screenshot, that profile should be default. You might try to go to Config → Security → User Sources and Edit that default user source–simply scroll to the bottom and click Save Changes to release any active lockouts. It might be interesting to then monitor the logs (prior to attempting a further login) to see if another lockout occurs. That might be an indication that there is a lingering designer session somewhere attempting to re-authenticate with the wrong credentials and causing a lockout.

Another guy here found this thread.

And it appears we have access again. It is very weird that deleting the user and re-adding them didn’t clear the lockout.

Interesting… We’ll take a look at this–our docs certainly suggest that just a simple save is all that is needed to reset the lockouts… I’m glad that you’re going again–sorry for the trouble, and we’ll track some follow-up for this to make sure that the guidance in the docs is well aligned.

Circled back on this, it does look like a simple re-save of the user profile is enough to reset the lockouts (no need to disable and re-enable). This aligns with the current guidance in the docs.

That said, I think it is pretty reasonable to be able to visualize the lockout status of a given user (and reset that specific user’s lockout status). I’ve created an internal feature ticket IGN-5976 to explore such a possibility (or at the very least perhaps make your course of action a reasonable way to clear the lockout for a user on deletion).

