Admin Accounts Locked Out

Hello Guys,

So, I have Openfire v4.3.2 installed on Linux CentOS 6 with Java JRE v1.8.0_211, running off the embedded database. I have this peculiar challenge that’s recurred twice now. Every now and then, my admin accounts get locked out. When this happens, I cannot access the console on port 9090 via a browser with either of my two admin accounts. At those times, when I try logging in, one of the messages that’s displayed is a ‘CSRF Login Failure’.

I end up having to follow the instructions outlined here to get access.

Is there some way to avoid this happening?

Using LDAP integration? Are the accounts actually locked? How do you restore access after using that one-time access token? Are you the only one using these admin accounts? You might check the logs when this happens; they might have more information on that (Openfire/logs/all.log). You can also check the Security Audit Viewer (Server > Server Manager).

If you access the Admin Console on both 9090 and 9091 (https), you will have trouble. You should either always use HTTPS or always use an incognito window for best success.
