Recovering without a Recovery Key

When configuring authentication it's possible to end up locked out, either because of Seq configuration problems, external provider issues, or loss of network connectivity.

The easiest way to recover access to a Seq instance is with a recovery key, but if you don't have one, the command line on the Seq host machine itself can be used to switch back to username/password authentication, and set a password for an administrative account.

🚧

Clustering/Disaster Recovery

If your Seq installation is clustered, you must fully stop all Seq nodes before recovering access using this method. See Recovery Keys for an alternative method of recovery that is better suited to clustered environments.

Determining which user account to unlock

The recovery process requires the username of an active Seq user account. This will generally be the username of the user set as administrator when authentication was configured.

• If the server is already using username/password authentication, this is most likely to be a plain username of the form user
• If the server is using Active Directory authentication, the username will be in DOMAIN\user format
• If the server is using Azure Active Directory or OpenID Connect, the username will be an email address [email protected]

If you're unsure what user accounts are configured, you'll need to temporarily stop Seq, and run the auth command to list active users.

On Windows

seq service stop
seq auth show
seq service start

The output of seq auth show will include configured usernames.

Using Docker with host shell access

Assuming your Docker container name is seq, and your Seq storage folder is mounted from <path> on the host machine:

docker stop seq
docker run --rm -it -v <path>:/data datalust/seq auth show
docker start seq

The output of the docker run will include configured usernames.

Using Docker without host shell access

To run shell commands in the Seq container without host shell access, you'll need to be able to write to Seq's mounted storage volume, and will also need to be able to collect container logs.

First, add an init scripts to Seq's mounted storage volume, under Init/. The script can be named list-users.sh:

#!/bin/bash
seqsvr auth show

Then, using the facilities of you container orchestrator, restart the Seq container.

The container's startup logs will include configured usernames in the output from the init script.

📘

Each time you create an init script, it will need a different name from any previously-run init scripts (after successfully executing an init script, Seq won't run any further scripts with identical names).

Resetting the authentication provider and unlocking the user account

With the name of the user account handy:

On Windows

seq service stop
seq auth reset -u <username> -p <new password>
seq service start

You should then be able to refresh the Seq web UI and log in with <username>/<new password>.

Using Docker with host shell access

Assuming your Docker container name is seq, and your Seq storage folder is mounted from <path> on the host machine:

docker stop seq
docker run --rm -it -v <path>:/data datalust/seq auth reset -u <username> -p <new password>
docker start seq

You should then be able to refresh the Seq web UI and log in with <username>/<new password>.

Using Docker without host shell access

To run shell commands in the Seq container without host shell access, you'll need to be able to write to Seq's mounted storage volume, and will also need to be able to collect container logs.

First, add an init scripts to Seq's mounted storage volume, under Init/. The script can be named reset-authentication.sh:

#!/bin/bash
seqsvr auth reset -u <username> -p <new password>

Then, using the facilities of you container orchestrator, restart the Seq container. Seq will run the init script on startup.

You should then be able to refresh the Seq web UI and log in with <username>/<new password>.

👍

Still having trouble?

If the steps above haven't helped, please contact us via [email protected] before making further configuration changes.