Cannot change HipChat default admin password

Mark Brown January 14, 2016

Hi,

I'm trying to install HipChat v1.3.7 on a machine with no internet access and which isn't configured to an email server.

The first issue encountered, after first booting up the VM and logging into the UI, is a message stating that 'you haven't confirmed your email account' with no option to initiate confirmation.

In following a knowledge base article (https://confluence.atlassian.com/display/HIPCHATKB/HipChat+Server+is+stuck+on+the+configuration+wizard), I am able to disable the setup wizard by running the following command:

hipchat service --disable-setup-wizard

I am then able to change the name of the owner account by running:

hipchat service --reset-owner=<MY_EMAIL_ACCOUNT>

This however does not help as when I log back into the UI, I am presented with a login page. Whilst I now know the admin username, I still don't know the password. I cannot use the option 'Forgot Password' as there isn't a configured email server.

I can get into the MariaDB instance running on the HipChat server and view the 'bcrypt' password associated with the admin account, but there doesn't seem to be a way of generating a new 'bcrypt' password.

Having reached this point, I am unable to proceed any further, thus preventing being able to use this latest production version of HipChat.

3 answers

0 votes
Mark Brown January 18, 2016

A further update on this. From a fresh install of v1.3.7, when I go to the setup wizard, I first receive a message stating that my account has not been confirmed. At this point, I am unable to proceed to start the wizard!

If I go into the MariaDB and alter the default admin user's confirmed flag to true, this stops this message. However, I still can't proceed any further with the wizard. When I click on the button to start the wizard, it appears to do nothing. Checking all the logs in the HipChat directory, I can see that every time I try to click to start the wizard, the web.err.log is reporting 'invalid XSRF token'. What can be done to resolve this error?

wdehaan
Rising Star
March 1, 2016

Looks like the wizard timed out. You can disable that by running "hipchat service --disable-setup-wizard" and then you'll be dropped right into the administrative web interface once we figure out the xsrf token issue.

Can you check the web session cookies issued on login? Is the FQDN set to plain ASCII?

You may be best off contacting support by emailing server-support@hipchat.com.

Email is required for proper operation of HipChat Server, per requirements here: https://confluence.atlassian.com/hc/system-requirements-for-hipchat-server-606306343.html

0 votes
Mark Brown January 14, 2016

Unfortunately the environment being operated in doesn't have an email server available for this purpose, so I'm afraid the option you mention isn't possible.

0 votes
wdehaan
January 14, 2016

Sorry for the tricky setup in your environment!

You can configure the email settings at the command line as well: hipchat email

To view the mail log (from postfix) type: mlog

Mark Brown January 29, 2016

Having reached an impasse, not being able to install the latest version of HipChat in an environment that neither is connected to the internet nor does it have an internally available email system, I am at a loss of how I can upgrade existing instances to this latest version which given the circumstances (operating environment) would normally be done by downloading the new version and then performing a data export from the old version followed by an import into the new version.

Without providing a way to be able to install v1.3.7 of HipChat and complete the initial configuration through the UI Wizard (which as per the thread above, isn't possible), this I can imagine will affect and be impactful to a significant number of customers operating behind a firewall.

wdehaan
February 22, 2016

Email is pretty essential to HipChat. Ditto outbound TLS for notifications. 

Have you emailed server-support@hipchat.com? 

Regarding "invalid XSRF token" are you accessing HipChat Server through a NAT where the cookie domain scope wouldn't match?

Mark Brown February 23, 2016

HipChat Server is indeed being run in different environments on either VirtualBox or VMware. All configured HipChat Server instances are being run on a NAT which is the usual way by which I would expose such VMs to their host machine.

How can I resolve the 'invalid XSRF token' issue?

Mark Brown February 28, 2016

@Will DeHaan One possible helpful pointer... I've observed that changing the logging levels such that I can see the output of the following log message in the file: /hipchat/web/current/application/helpers/xsrf.php

Class: xsrf

Method Name: verify

Log output: kohana::log('debug', "Verifying '$token' against current token '$current_token'");

In web.err.log, this reveals that current token is blank, hence this method always fails!

Mark Brown February 29, 2016

Narrowing down the problem still further, it seems the problem is concerned with setting HipChat to run behind a NAT. In bridged mode from a fresh/vanilla HipChat OVA, I can go through the setup wizard just fine.

As soon as I switch to NAT, I run into the invalid XSRF token issue. I have ensured that all required ports 80, 443, 5222, 5223 are being forwarded and have even tried assigning an A Name record which points to the host on which HipChat server resides and then configuring 'hipchat network -n <host> -f <domain>' to no avail. It would appear the fact that the VM is behind a NAT and thus on a different subnet mask altogether to the LAN is making a difference. @Will DeHaan Appreciate if you could expand on your earlier comment about the 'cookie domain scope' not matching. How would you suggest I go about resolving this mismatch issue when running HipChat behind a NAT?

wdehaan
March 1, 2016

Mark, the cookie domain scope is the configured FQDN or the eth0 IP address. Thus FQDN access should be fine, and many customers do run behind reverse proxies and NAT, that's fairly common.
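
The following is an added example, not part of the thread and not HipChat Server code: a small Node.js model of why a session cookie scoped to the configured FQDN or eth0 IP leaves the server-side XSRF token blank when the browser reaches the VM under a different host name or address. The session store, cookie name and all host values are constructed assumptions; only the "blank current token always fails" behaviour comes from the posts above.

```javascript
// Added illustration: a model of cookie scoping, not HipChat Server's code.
const crypto = require("crypto");

const isIp = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h);

// RFC 6265 section 5.1.3 domain-match: exact match, or a dot-separated
// suffix match when the request host is a name rather than an IP address.
function domainMatches(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const dom = cookieDomain.toLowerCase().replace(/^\./, "");
  if (host === dom) return true;
  return !isIp(host) && host.endsWith("." + dom);
}

// Server side (assumed model): the session holds the current XSRF token.
const sessions = new Map();
function login(cookieScope) {
  const sid = crypto.randomBytes(16).toString("hex");
  const token = crypto.randomBytes(16).toString("hex");
  sessions.set(sid, token);
  return { setCookie: { name: "sid", value: sid, domain: cookieScope }, formToken: token };
}

// Mirrors the failure seen in web.err.log: a blank current token never verifies.
function verify(token, currentToken) {
  if (!token || !currentToken) return false;
  const a = Buffer.from(token), b = Buffer.from(currentToken);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Browser side: a cookie whose Domain does not match the host in the address
// bar is discarded, so the follow-up POST arrives without a session.
function submitWizard(browserHost, cookieScope) {
  const { setCookie, formToken } = login(cookieScope);
  const jar = domainMatches(browserHost, setCookie.domain) ? [setCookie] : [];
  const sid = jar.length ? jar[0].value : null;
  const currentToken = sid ? sessions.get(sid) : "";
  return { cookieKept: jar.length === 1, xsrfOk: verify(formToken, currentToken) };
}

// Constructed sample values (example domain and documentation address range).
const scopeFqdn = "hipchat.example.com";
const scopeEth0 = "10.0.2.15"; // guest address behind the NAT
console.log(submitWizard("hipchat.example.com", scopeFqdn)); // cookie kept, token verifies
console.log(submitWizard("192.0.2.10", scopeEth0));          // forwarded host IP: cookie dropped
console.log(submitWizard("localhost", scopeFqdn));           // cookie dropped
```

In this model the check passes only when the host typed into the browser is the scope value itself or a subdomain of it, which is why access by the configured FQDN is the case expected to work.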
