Glassfish: Admin console logs me out before timeout - glassfish

The glassfish admin console (the web-gui) keeps kicking me out after a quite short amount of time. The default session timeout of 60 minutes wasn't changed. By a short amount of time I'm talking about like 5-10min.
Any idea what might cause this?
I'm connected via localhost without password, but also tried to set a password.

The problem was that I had an application deployed on root-level-context "/" and everytime this app logged out it also killed my admin-gui-session (which was in another tab open in the same browser).

Related

Sign out the user if he lost the connection to backend database

I've an Access application located on a server with backend tables.
The application recorded the users sessions; login if they started the app & logout if they closed it.
Sometimes the user lost the connectivity with the server and the application been restarted, the user remains login on the previous session because recording logout from a normal exit not occurred.
Is there a way to check on the backend file if a user is disconnected to record him as "signed out"?
I think your referring to the *.laccdb file that access creates when someone is logged in to the BackEnd table.
Usually if it does list the same PC twice, once all PCs eventually logs out of the BE the *.laccdb should disappear if not, you can delete this file manually however, if the user looses connection ie the VPN goes down and doesnt log back in, then the BE will show that the PC is connected, in this case usually you can delete the *.laccdb.
If at any time you can not delete *.laccdb file Ask the user with the listed PC to log out. Worst Case if a user is not logged in but the *.laccdb exists the listed PC needs to reconnect and disconnect cleanly.
If the FE needs to check for connection to the BE it can be done but will not solve your issue, if the users PC crashed or VPN goes down whilst in the application then there very little that can be done because its too late, the damage is already done.

Failed User Login | Drupal 8

I have developed a website in Drupal 8 and have deployed it to production. I have created 7-8 other accounts for my content management team and have granted them limited privileges for creating, editing and deleting content.
Of late, I am facing a problem with the user login form, wherein the login works sporadically. Sometimes I am able to log in as the administrator in the first attempt, sometimes I am not. In the latter case, I have to reset my password via email using the reset password option. However, this approach works only temporarily for a single session, which means that as soon as I log out, I am unable to log in. My content managers are also experiencing the same problem.
I have tried the below things but no luck.
Truncating the flood, session, and all the cache tables and flood table manually from the database.
Disabling the Recaptcha module in the login form.
Enabling and disabling the HTTP Basic Authentication module.
Disabling server proxy configuration through the settings.php file.
Performing Drupal updates by running the update.php file.
The incorrect username and/or password error in the login has not been handled. When an incorrect username/password is entered the page only refreshes without displaying any custom message.
Edit: I have just observed that I had luckily forgotten to log out as the super admin on the site from another browser, Firefox. I investigated further to fix this problem and observed a pattern. I am able to login as the administrator when I manually clear the cache from Firefox (where I luckily forgot to logout). However, this works only for one session, which means after logging out the bug reappears. In order to make the login to again work as expected, I have to again clear the cache from Firefox.
Okay, after much banging my head over the wall for nearly a week, I have found a workarpund solution to this problem by uninstalling Internal Dynamic Page Cache and Internal Page Cache modules.
The problem was that the user login form was getting cached after one successful login. Using the Chrome developer tools the following response header was getting set and sent by Drupal.
X-Drupal-Dynamic-Cache: HIT
To elimnate this I had to uninstall the above two modules.
However this is just a workaround and not a solution, since disabling these two modules will have a tradeoff with the site performance.
Anyone who knows the solution to this problem, please post it here. I shall try them and update this space.
Thank you in advance.
I had issues in local environnement with a custom Login form too. The behaviour was different because for me.
It was the first login attempt just after clearing the cache drush cr that would fail, even if in the logs it was recorded that the user was successfully logged.
I fixed it in my Controller, by using a bit of code from the Core core/modules/user/src/Plugin/Block/UserLoginBlock.php
$form = $this->formBuilder()->getForm('Drupal\user\Form\UserLoginForm');
$placeholder = 'form_action_p_4r8ITd22yaUvXM6SzwrSe9rnQWe48hz9k1Sxto3pBvE';
$form['#attached']['placeholders'][$placeholder] = [
'#lazy_builder' => ['\Drupal\user\Plugin\Block\UserLoginBlock::renderPlaceholderFormAction', []],
];
$form['#action'] = $placeholder;
$build['user_login_form'] = $form;

What permissions/policies are needed to support loadUserProfile=true for new application pools?

Something happened on my development workstation (Windows 8.1) in the last few weeks which require me to either run my App Pools with the "Load User Profile" setting at False or not run with the identity set to ApplicationPoolIdentity. If I were to create a new app pool, using ApplicationPoolIdentity as the identity and with loadUserProfile=true, the following happens when trying to load the application in a browser:
A number of errors in the Windows Event Log (both System and Application types):
Warning event 1509 - Windows cannot copy file \\?\C:\Users\Default\AppData\Local\Microsoft\VSCommon\12.0\SQM\sqmdata-7236-039-00000.sqm to location \\?\C:\Users\[Name of App Pool]\AppData\Local\Microsoft\VSCommon\12.0\SQM\sqmdata-7236-039-00000.sqm. This error may be caused by network problems or insufficient security rights.
Error event 1511 - Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
Another 1509 warning
Error event 1500 - Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly. DETAIL - Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
5 x event 5022 warnings - The Windows Process Activation Service failed to create a worker process for the application pool '[App Pool Name]'. The data field contains the error number.
Finally an error 5002 - Application pool '[App Pool Name]' is being automatically disabled due to a series of failures in the process(es) serving that application pool.
The App Pool is shut down, as the error 5002 said
"HTTP Error 503. The service is unavailable." is then seen in the browser. Any further requests are met with the same (which makes sense since the app pool is shut off).
I've seen a common "fix" for this here and here which basically say to turn off profile loading. Yes it makes the problem go away, but this doesn't get to the root cause. I know that it is possible to run with this configuration as a I have a Windows 2012 machine which supports the configuration just fine. In this case, hitting an app with a new app pool set to ApplicationPoolIdentity and loadUserProfile=true actually creates the new user profile (I can watch as the profiles folder is created in C:\Users) and the app runs merrily. What's worse is I know this configuration worked on the problem machine just a few weeks ago. I have a number of App Pools I created which have their own profiles and folder under the C:\Users folder. These app pools work just fine NOW with the ApplicationPoolIdentity and loadUserProfile=true settings. It's just that NEW app pools refuse to run and load a user profile.
Does anyone have any insight to what might be going on?
Edit: I read the bottom of this recent article. It's a bit contradictory in saying that the setting can be turned on, but also says:
Only the standard application pools (DefaultAppPool and Classic .NET AppPool) have user profiles on disk. No user profile is created if the Administrator creates a new application pool.
However, if you want, you can configure IIS application pools to load the user profile by setting the LoadUserProfile attribute to "true".
I'm very confused.
The SQM file listed in the event log warning was created by a Windows or Visual Studio update. When the user profile service or application pool runs and tries to create a new profile, it tries to copy the file to the profile. The SQM file requires administrator permissions to copy. The user profile service or application pool does not have sufficient permissions to copy the file, an error is generated, and the user profile is not created. Without a user profile, the application pool cannot run because it doesn't have an isolated secure place to store data.
Remove or delete the SQM file from the source directory, and the user profile will be created successfully when the app pool is initialized. You can also change the permissions on the SQM file, but I'm not sure what the appropriate permissions should be. The user profile service runs as "LocalSystem Account". See its documentation for permission info. It's unclear to me whether the application pool identity itself is being used to perform the copy operation, or the local system account.
If you remove the file from the source directory, you could also manually copy the file where it was trying to go as well.
After a very brief search about what SQM is, it seems like it is traditionally used as "service quality management". Usually it would contain information to send back to the program authors with metrics, logs, or somesuch. I don't know if this is the case with this file or not. So it doesn't seem like it's important to include it in the new profile.
I can't take 100% credit for this answer, as I was tipped off by a comment attached to an answer on some other question. I can't find the link to it in the 50 browser tabs open for troubleshooting this. That guy deserves a thank you, because I believe this is a much better solution than compromising the security of a server by pooling all the resources together like in IIS 6.
P.S. As noted in your comment, a bug report has been filed.

.NET windows service randomly stops and will not start due to a login failure

I created a service which monitors a few servers and file shares for exchange. Written in VB.NET 2.
The service is installed and running fine(ish) but randomly and without any warning or entries in the event log it stops.
Upon noticing it stops (the web front end that it generates stops working) we have to manage ther hosting server to attempt to start it again.
If we simply try to restart it, it fails to start with a logon failure.
We then go in to the properties and re-enter the service account password, start the service again and it works fine (until the next unannounced stop)
As mentioned there are no event log entries and no pattern to the stopping.
Just wondering if anyone else has had this kind of problem and if there is anything i can do to remedy this?
Thanks guys.
This could be caused by:
An expired user password (Make sure the user account is configured with the Password never expires option checked). This is a frequent problem, although it is probably not the case here as re-entering the password is enough to make it work again.
Another batch job or service using the WRONG password for the account and thus locking out the service.

Logoff script to change user

Using Windows 2003, I'm look for a way to create a "logoff script" that will continue with the current logoff then immediately login another user. So, "UserA" logs off. Script fires to login "UserB".
This is part of an application upgrade for a computer where we have written the 'shell'; similar to a kiosk application. For the upgrade we need to logon as 'Adminstrator' then, when the upgrade has completed, logoff 'Administrator' and logon as 'sample_user'. We would like to accomplish this WITHOUT rebooting.
Note, I do not want a script that will initiate the logoff (i.e. "shutdown"). I'm looking for a script that will run upon the user logging off (set via Group Policies). As above, the script should log a different user on.
Thanks.
Don't think it's possible in the stated way (script at logoff).
You'd have to set the machine to logon automatically as a specified account and then log off (having it log on automatically for you) and then you'd have to disable that feature again afterwards, by placing a temporary logon script... generally sounds messy.
The actual setting can be made using tools like Microsofts Shared Computer Toolkit or similar (not so sure how the "normal" registry auto-login behaves at manual logout but I've had an XP kiosk that would automatically log on instantly, even if you logged out manually - you had to override it using some key like shift+logoff to be able to manually specify the login again, so somehow it can be made).
The "easiest" way might be to replace msgina.dll with someone of your own making...
But why are you doing this? Just use runas and start whatever you need to do as that other user without logging off the console user - it's a multi-user system afterall? The desktop is just fluff ^^
(This will anyhow require that the user credentials are available to your script, which kind of makes it redundant as you compromise the security of that account - defying the purpose of having that second account in the first place, for whatever purpose it exists?)
I would try setting the registry to autologon with the user you want, and then simply logging off the admin user. That should log your kiosk-user right back on.
Not sure how to login another user once the current user logs off (not sure if windows would let you...)
But you can use shutdown to logoff:
shutdown /?
Here's some ideas that probaly fall into the "cheap hack" category:
How about logging in at UserB in the first place, and then using runas /user:userA <cmd> to run the first part of the install process?
If that's unacceptable, I know there's a way to make Windows workstations (those that aren't part of a Domain) automatically log in into a certain user account after a restart. Perhaps if you looked into which Registry changes happen, and duplicated them, a reboot would automatically log in that user. (Of course, as a final stage, after userB logs in, you would have to revert those changes :-)
It also occurs to me to wonder if perhaps there's a way for a service to force an open "login screen" to log in as a certain user. Maybe using some method like the way the Remote Desktop does it remotely... If that's possible, then you could create a service that you install before logoff of userA, that would trigger the login of userB.
You can script it with VNC (there are many free versions, take your pick). Set up a VNC server process on the machine to listen on localhost. When the user logs off, your logoff script will connect to the machine using VNC and send the keystrokes necessary to log on the next user. VNC uses the RFB (remote framebuffer) protocol; there are libraries for most popular languages, so you should be able to get something working quickly. Or there are related tools that might help.
If you were to run something like this as a normal script in a given language, it would most likely not work as when you log out of your account, all processes should be killed along with your running script.
You might be able to create some sort of 'service' that would run on a service account (i.e. always active) that would automatically do this user switching for you.
My bets are on Windows Powershell, although I'm not entirely sure what functionality it has as far as actually creating a service.
A quick search brings up the following (The second link is to a forum but it mentions running Powershell as a service and sending that service a parameter which would be the path to your user switching script)
How to Create a Windows Service using Powershel
Powershell Script as a Windows Service
I don't have a Windows 2003 server or a system with a "Group Policies" setup to test my hunch but you could take a look at SU ("switch user") for Windows. Originally part of the Resource Toolkit this has been extended to a new SUperior SU. Do post the results/script if this works.
You could approach this from the perspective of building a remote control utility (like VNC, etc). The big thing here is that if you want access to the Logon screen (i.e. the CTRL + ALT + DEL / username/password) part, the only kicker is that a Windows Service is the only component that can access this, so you'd have to create one.
The only problem I see with this technique as a whole is that even if you spent a great deal of effort getting it to work (and it would be a pretty big effort), the chances of this working successfully with the whole thing originating from a logoff script (i.e. when stuff is shutting down) are low even due to the number of things that can go wrong when logging back on as Administrator.
Just remember that for anything you need to run as an Administrator, there are easier ways in Windows to make that happen (such as Run As, changing the user permissions on the items that need to update, etc).