Hi Raymond,

Don't worry, I am as committed as you are in the partnership with SOTI for more than 10 years working with them in Brazil. The intention here has always been and always will be to help users. If you felt so threatened by the previous information you can see that I already removed it.

Best Regards and move forward!

Set an email directly to support@soti.net.  They will tell you to run something in a common shell on your MobiControl server instance to get a code.  Email that code to Soti and they will give you an unlock code specific to your server instance.

Hello Deo,

You can simple resolve it by deleting a value from SQL Server. 

Send in private to user :0

Regards!

Hi Deo,

Modifying MobiControl database table values directly has the risk of breaking lot of things and voiding your Soti product warranty or needing to pay Soti professional services for fix due to intentional misuse.  Thus I personally have not ever openly advised anyone of doing this in any of my posts in this forum, because I think it is irresponsible to give similar advice in an open forum, especially when I don't have sufficient visibility/details on particular server instance configurations and the server instance owner is not my paid customer whom I have responsibility and obligation to serve .    Even for my own customers,  I always confirm with Soti support/professional service details on what/how to do with direct database table manipulation before doing so, just in case  what worked in previous cases may fail because different MobiControl versions can have changes in their table schema.  After all, each implementation is different, and different values in various other related tables may have different results for the same table modification procedure. 

As Jorge is NOT from Soti, I do NOT think he has sufficient understanding of the table schema in the MobiControl database to give related advices on direct database table manipulation.  I therefore strongly advise you to send e-mail to Soti support team to get an official answer before you go ahead to make any direct change in your MobiControl database table.  After all,  it's your server instance, and your call on what to do.

Dear Ryamond,

This is an online forum, I am sharing knowledge of how to solve the problem. In my case I always have an environment prepared to undo any changes, this command has already been used for more than 100x with and without support. I don't think it would be interesting for an IT professional to run any command without an understanding, but you are right about him contacting support or making a backup of the environment for disaster recovery and if he feels safe to move on go and solve it.

This value is populated automatically after the creation of the new user and the new password. But as you said I am not a support or SOTI and my words are just knowledge here, do not press any button! 😂

I think it's important for any online forum to spread knowledge and not write texts full of empty content as we see in this forum from some users!

Another important thing is to visit your global settings and look for Console Security. Your password may have been blocked by attempting external access by bruteforce, if you identify this in the logs, increase your security on the console and also disable any user knowledge by the external attacker.

If you are having problems I suggest that you make a connection with an IDP like Microsoft or any market product using SAML 2.0 you can bring more security attributes and user locks to your console. After that disable login by user inside the console and all go be fine :)

Regards

Hi Jorge,

I would like to remind you that this is an OPEN forum that may also be read by anyone who want to hack MobiControl server and steal corporate/end-user's private data on devices being managed.  Hacker can also join as a participant and post sensitive security related question (though I am not saying Deo is a hacker).    Thus, I restrain myself from disclosing in this open forum any information that may be part of a security loophole that hackers can exploit on any MobiControl server implementation.  

I totally support freedom of speech, so you are free to say whatever you like.  However, I suggest you to exercise good judgement on what to say on issues with potential security consequences.  After all,  damages due to such information leak may eventually affect the MobiControl instances of YOUR OWN customers, and hence your company's business, whether existing or future cases

Hi Jorge,

You might have done something 100x of times OK, but every implementation is different. In case something got broken on Deo case, are you going to provide free remote and on-site support to fix the problem?

Also, not every one is as smart as you and can make the database table change properly and/or the back-up/snapshot properly for fallback.  Also,  improper changes in some tables can have negative effect that are irreversible even with quick and full fallback.  Many are also not aware of the technical (e.g. data loss, out-of-control, device recall or reenrollment, etc.) and financial consequences if they do something wrong in the process.

I don't think Soti Forum is meant for showing off knowledge or bags of tricks.  For my own posts in the last few years, I sometimes avoid saying something I know just because of NDA or trade secrets of Soti or my company.    For this case, using unlock code has been the standard way to help on-premises customers to unlocked their lock-in for years, so why bring up something that can have security and/or other negative effect(s)?

In any cases, modifying the database table directly is not preferred unless explicitly recommended by Soti support, who will be responsible for any follow-up support if something really goes wrong.  Customers doing it themselves have the risk of voiding product warranty and entitlement to subsequent free support from Soti.  I believe you should at least mention this risk alongside the procedure in the same post if you mention about  direct database table change in the future.

Hi Raymond,

You have your point of view and I have mine. I ask if there is something wrong with my post the moderation delete it.

I do not believe this can be used as a form of invasion or attack since the attacker needs access to the database and other very complicated variables to overcome and use it.

I'm not sharing confidential documents or any information about customers and SOTI, but documents that can help someone in a support case like creating a GPO for an automatic enrollment in another post. I don't belive this is a problem correct? 

You wrote a nice text, but I don't know where you want to go. My desire is to solve the case of the other user and help by sharing knowledge.

Hi Jorge,

You haven't answered my questions in the last post :

1. Using unlock code has been the STANDARD way to help on-premises customers to unlock their web-console for years, so why bring up something that can have security and/or other negative effect (e.g. void product warranty, extra cost for professional services to fix the problem, etc.)?

If there is financial consequence for Deo's company or others after direct database table manipulation , are you or your company going to pay/compensate them?

2. If someone read your post and break something when directly manipulating their database instance, are you going to provide free remote or on-site support?

Hackers can also be insiders.   Some companies have IT team with thousands of people joining and quitting, and some new-hires might join a company for the sake of  hacking/stealing data/trade-secrets.  Database server may be shared my multiple teams to support multiple app servers for cost reason.  Access control may not be perfectly configured.  That's why checks and balances in different dimensions are used to avoid security loopholes.

Frankly speaking, I am happy to see you starting to contribute lots of posts recently, as this forum need more active participants/contributors to make it grow.  As said earlier, I embrace freedom of speech.   However, such freedom might sometimes need some limit if serious damages to others can be caused.  Wanting to share information can not be an excuse for such cases.

If I see any posts that can cause SERIOUS damages or SERIOUSLY jeopardize the interests and reputations of Soti products or of their customers/users,  you can rest assured that I will request the forum moderators or their management to remove such posts, as the business interests of my company may also be indirectly jeopardized.  Actually, I did so a few days ago, and I am glad that Soti responded quickly and removed the four discussion threads in less than an hour.

Hi Deo, 

Whatever way you eventually use to unlock your account, I suggest you to at least do the following to minimize the chance of having the same problem again in the future:

1. Add one or more extra administrator account for emergency access in case your normal account is locked

2. Increase the number of failed login before locking account from the default 3 to a more reasonable number (say 10) in the Access Control Policies tab of "Console Security" Global-Settings.