Gravatar for bberriz@lifeextension.com

Question by Ben, Aug 31, 2015 9:33 AM

Sitecore Admin Account Locking

We are experiencing an issue with our Admin account becoming locked out on a regular basis. We have CES installed on it's own server. The content management server site receives an error in the searchboxview.cshtml since the account is locked. This error is not shown on the content delivery site since the securtyconfiguration block of the searchprovider.config is set according to documentation.

<securityConfiguration type="Coveo.Framework.Configuration.SecurityConfiguration, Coveo.Framework">
    <SkipSitecoreCredentialsUpdate>true</SkipSitecoreCredentialsUpdate>
    <SkipSitecoreLoginCheck>true</SkipSitecoreLoginCheck>
</securityConfiguration>

The searchprovider.config of both CM and CD have a matching setup except for the changes we made to CD. If we unlock the account, the CM site works again, and there are no issues or errors thrown until the account is somehow locked again. While it is unlocked we are able to search without issue. If any further information is needed, let me know.

Exception: Coveo.Framework.Exceptions.CoveoIndexConfigurationException
Message: There was an error in the Coveo Index Configuration.: Either the SitecoreUsername or SitecorePassword configuration value is invalid. Please enter valid credentials.
Source: Coveo.Framework
   at Coveo.Framework.Configuration.CoveoIndexConfiguration.Validate()
   at Coveo.SearchProvider.ProviderIndexBase.Initialize(IIndexDocumentPropertyMapper`1 p_DocumentTypeMapper)

ManagedPoolThread #13 00:47:41 ERROR Exception
Exception: System.Reflection.TargetInvocationException
Message: Exception has been thrown by the target of an invocation.
Source: mscorlib
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at System.Reflection.MethodBase.Invoke(Object obj, Object[] parameters)
   at (Object , Object[] )
   at Sitecore.Pipelines.CorePipeline.Run(PipelineArgs args)
   at Sitecore.Jobs.Job.ThreadEntry(Object state)
1 Reply
Gravatar for jflheureux@coveo.com

Answer by Jean-François L'Heureux, Aug 31, 2015 10:54 AM

If your Sitecore admin account is not sitecore\admin or its password is not "b" or you changed its password recently, you have to set the Sitecore credentials in Coveo for Sitecore (see Configuring the Sitecore Credentials). This will update the <SitecoreUsename> and <SitecorePassword> nodes of your Coveo.SearchProvider.config file.

After the change, you need to index at least 1 Sitecore item for the credentials synchronization with CES to be done. You should also synchronize the changes to the config files on all your CD servers. The password is encrypted with the \Data\Coveo\ConfigurationEncryptionKeys\RijndaelEncryptionKeys encryption key. You should also ensure this key is the same on all the CM and CD servers.

Those credentials are set in a User Identity in CES that is used by the CES Security Provider to expand the Sitecore roles while indexing.

Gravatar for jflheureux@coveo.com

Comment by Jean-François L'Heureux, Aug 31, 2015 10:57 AM

Also, the <SkipSitecoreCredentialsUpdate> and <SkipSitecoreLoginCheck> options are available only since the May 2015 release (3.0.1026) of Coveo for Sitecore. If you run an older version, your CD servers always try to log to Sitecore when the indexes are initialized and always try to update the CES User Identity with the Sitecore credentials.

Gravatar for bberriz@lifeextension.com

Comment by Ben, Aug 31, 2015 11:51 AM

We're on Coveo for Sitecore .1081. As for the CD-CM sync of the admin account, are we supposed to run the Coveo Configuration from every individual server, and trigger an index from all of them as well?

Gravatar for jflheureux@coveo.com

Comment by Jean-François L'Heureux, Aug 31, 2015 12:00 PM

Normally, you don't have access to /sitecore and to the Sitecore control panel on your CD servers so you cannot run the configuration wizard on those.

  1. You should run the configuration wizard on the CM server.
  2. Then, you should copy the modified configuration nodes to the CDs configuration files manually.
  3. Do not forget to synchronize the \Data\Coveo\ConfigurationEncryptionKeys\RijndaelEncryptionKeys encryption key file on the CM and CD servers as it is used to excrypt/decrypt the passwords. It should be the same on all your Sitecore farm servers.
Gravatar for bberriz@lifeextension.com

Comment by Ben, Aug 31, 2015 12:30 PM

Okay, that's good, I was a little confused about accessing Sitecore through a CD. What you have above is our setup, and those are the steps we have taken, with the exception of adding the skip nodes on the CD servers.

Gravatar for jflheureux@coveo.com

Comment by Jean-François L'Heureux, Aug 31, 2015 1:24 PM

The exception you included in the original question is probably from your CM server as you have the <SkipSitecoreLoginCheck> option set to true on all your CD servers. This means your Sitecore credentials are not good on your CM server and this is probably the cause of the locking of this account.

If this doesn't help, please contact Coveo Support with the following information:

  • A copy of the Coveo.SearchProvider.config files of all your servers (CMs and CDs).
  • The output of the showconfig.aspx page on your CM server.
Ask a question