Recovering without a Recovery Key
Re-gain access to a Seq server without a saved recovery key, using the server-side command line
When configuring authentication it's possible to end up locked out, either because of Seq configuration problems, external provider issues, or loss of network connectivity.
The easiest way to recover access to a Seq instance is with a recovery key, but if you don't have one, the command line on the Seq host machine itself can be used to switch back to username/password authentication, and set a password for an administrative account.
Clustering/Disaster Recovery
If your Seq installation is clustered, you must fully stop all Seq nodes before recovering access using this method. See Recovery Keys for an alternative method of recovery that is better suited to clustered environments.
Determining which user account to unlock
The recovery process requires the username of an active Seq user account. This will generally be the username of the user set as administrator when authentication was configured.
- If the server is already using username/password authentication, this is most likely to be a plain username of the form
user
- If the server is using Active Directory authentication, the username will be in
DOMAIN\user
format - If the server is using Azure Active Directory or OpenID Connect, the username will be an email address
[email protected]
If you're unsure what user accounts are configured, you'll need to temporarily stop Seq, and run the auth
command to list active users.
On Windows
seq service stop
seq auth show
seq service start
The output of seq auth show
will include configured usernames.
Using Docker with host shell access
Assuming your Docker container name is seq
, and your Seq storage folder is mounted from <path>
on the host machine:
docker stop seq
docker run --rm -it -v <path>:/data datalust/seq auth show
docker start seq
The output of the docker
run will include configured usernames.
Using Docker without host shell access
To run shell commands in the Seq container without host shell access, you'll need to be able to write to Seq's mounted storage volume, and will also need to be able to collect container logs.
First, add an init scripts to Seq's mounted storage volume, under Init/
. The script can be named list-users.sh
:
#!/bin/bash
seqsvr auth show
Then, using the facilities of you container orchestrator, restart the Seq container.
The container's startup logs will include configured usernames in the output from the init script.
Each time you create an init script, it will need a different name from any previously-run init scripts (after successfully executing an init script, Seq won't run any further scripts with identical names).
Resetting the authentication provider and unlocking the user account
With the name of the user account handy:
On Windows
seq service stop
seq auth reset -u <username> -p <new password>
seq service start
You should then be able to refresh the Seq web UI and log in with <username>
/<new password>
.
Using Docker with host shell access
Assuming your Docker container name is seq
, and your Seq storage folder is mounted from <path>
on the host machine:
docker stop seq
docker run --rm -it -v <path>:/data datalust/seq auth reset -u <username> -p <new password>
docker start seq
You should then be able to refresh the Seq web UI and log in with <username>
/<new password>
.
Using Docker without host shell access
To run shell commands in the Seq container without host shell access, you'll need to be able to write to Seq's mounted storage volume, and will also need to be able to collect container logs.
First, add an init scripts to Seq's mounted storage volume, under Init/
. The script can be named reset-authentication.sh
:
#!/bin/bash
seqsvr auth reset -u <username> -p <new password>
Then, using the facilities of you container orchestrator, restart the Seq container. Seq will run the init script on startup.
You should then be able to refresh the Seq web UI and log in with <username>
/<new password>
.
Still having trouble?
If the steps above haven't helped, please contact us via
[email protected]
before making further configuration changes.
Updated 5 months ago