tracker issue : CF-4185383

select a category, or use search below
(searches all categories and all time range)

ColdFusion 11 Updates do NOT install when ColdFusion is running as local user account

| View in Tracker

Status/Resolution/Reason: Closed/Withdrawn/NotABug

Reporter/Name(from Bugbase): Wil Genovese / Wil Genovese (Wil Genovese)

Created: 08/30/2016

Components: Hot Fix Installer

Versions: 11.0

Failure Type: Non Functioning

Found In Build/Fixed In Build: CF11_Final /

Priority/Frequency: Critical / Most users will encounter

Locale/System: ALL / Win 2008 Server R2 64 bit

Vote Count: 5

Problem Description:
When ColdFusion is running as another user besides "Local System" Updates do not complete. It fails to write one file, C:\ColdFusion11\cfusion\hf-updates\updates.xml. This file is nothing more than an XML file that contains a list of applied updates.

Adobe issues a Lockdown Guide that HIGHLY recommends that ColdFusion be run under a local user account with limited permissions. This prevents ColdFusion Updates from being installed even when the above file or even the entire ColdFusion 11 folder has been given full read, write, execute permissions for the local user account that ColdFusion is using. 

Steps to Reproduce:
Run ColdFusion 11 as under a local user account.
Try to install a update.

Actual Result:
Update is NOT FULLY  applied 

Expected Result:
I expected it to actually work.  

Any Workarounds:
Restart ColdFusion under the Local System account.
Run ColdFusion Updates and restart ColdFusion to make sure the updates were applied.
Restart ColdFusion under the restricted local user account.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	4185383

Reason:	PRNeedInfo

External Customer Info:
External Company:  
External Customer Name: Wil Genovese
External Customer Email:  
External Test Config: My Hardware and Environment details:



I've run into this as well
Vote by External U.
1916 | August 30, 2016 05:21:05 PM GMT
Wil, Are you facing this issue with the ColdFusion 11 Update 10?
Comment by Nimit S.
1909 | August 30, 2016 11:37:33 PM GMT
Hi Wil, It would be really helpful if you could provide a few more details to narrow down the issue. Have you setup start/stop permissions for the created service account that you have configured to run with the ColdFusion services. By default Windows doesn't provide start/stop permissions for any service unless explicitly provided for any least privileged user. Also please do share the installation logs found at C:\ColdFusion11\cfusion\hf-updates\hf-11-00010. Thanks!
Comment by S P.
1910 | August 31, 2016 01:49:21 AM GMT
@Mary @Christopher @Kathryn @Carl : Which platform are you facing this issue on. Thanks!
Comment by S P.
1911 | August 31, 2016 01:51:42 AM GMT
Have to agree, this is a major pain. Every time I installed a CF update I have to revert the service user back to Local System from the local user. If I don't the update just fails to install and sometimes completely ruins CF11. Have experienced this since update 1
Vote by External U.
1917 | August 31, 2016 08:27:38 AM GMT
I'm running ColdFusion 11 Standard 64-bit on Windows 2012R2 server. I have the Lockdown Guide applied, but am using a Windows Active Directory domain account for the ColdFusion service. I have consistently had this problem on not only this server (and with each and every one of the updates that have been released), but also with my older ColdFusion 10/Windows 2008R2 server. I am unfamiliar with configuring start/stop privileges.
Comment by External U.
1912 | August 31, 2016 02:50:19 PM GMT
Oh, and to clarify - my workaround is to run the command prompt as Administrator and run java - jar hotfix_xxx.jar every single time. I have the same problem on my local Windows 10 and Windows 7 development environments where i run ColdFusion Developer Edition. These are also configured to use the same domain account for the ColdFusion service.
Comment by External U.
1913 | August 31, 2016 02:55:51 PM GMT
"Have you setup start/stop permissions for the created service account" I'm testing this on a few servers. I have a lot of them to update.
Comment by External U.
1914 | August 31, 2016 03:04:50 PM GMT
Hi, Please go to the above mentioned link, which gives detailed steps for giving permissions to the services to run as the created user. So, apart from changing the logon user from the services manager. The services need to be given the start/stop permissions to run as the created user as outlined in the blog. Please do let us know if this solves your problem. Thanks!
Comment by S P.
1915 | September 01, 2016 01:35:04 AM GMT