Azure Template: can't sign in


(Rob Clother) #1

Good morning everyone. I am having some difficulties signing into my graph database. I have set up an environment on Azure, using the template at https://azuremarketplace.microsoft.com/en-us/marketplace/apps/neo4j.neo4j-enterprise-edition?tab=Overview

However, having gone through all of the steps, I can't connect to the database when I go to http://{configured public ip address}:7474/

I use the username neo4j, and the password I set up when I applied the Azure template (as well as the password neo4j), but I always get the error "Neo.ClientError.Security.Unauthorized: The client is unauthorized due to authentication failure.

Are there any other default passwords used by the system?


(Rob Clother) #2

Note that I can sign in using the Cypher shell -- it's just the database http://{configured public ip address}:7474/ that won't let me sign in using the bolt link. The fact that I can sign in using the Cypher shell means that I have the correct username and password.


(Michael Hunger) #4

For the time being, can you use Neo4j Desktop and configure a "Remote Database" there with your bolt-URL?

It's probably related to some firewall rule not allowing 7474 and 7473 ports? Or configuration of the http(s)-listeners in neo4j.conf


(M. David Allen) #5

We're in the process of revising the Azure templates right now to simplify them. Right now there is a lot of optionality in the way the template gets launched, that presents some possibilities to get fouled up in the process, which is unfortunate.

When you first launch your cluster on Azure, you get to choose two auth credentials; one as an SSH key/password to log into the VMs, and the second as a Neo4j password. For the browser you should use the Neo4j password. Can you confirm this is the one you're using?

Also, try opening your browser web inspector pane, and see if there's any additional information there.

If you get an unauthorized error, that's usually a pretty clean and straightforward situation -- connectivity & firewalling is not the issue, rather neo4j just doesn't like your password.

If you could try using cypher-shell and paste the results of how you're calling it (obscuring IP and password if you like) we can try to help further.


(Rob Clother) #6

I've tried the reinstallation process multiple times, using the same neo4j password setup. I'm using identical passwords for my admin user and my neo4j user. The admin user works, as I can SSH into my machines at ports 22000, 22001 and 22002.

This time round, I can't connect via bolt at all, either through the browser, the desktop or the Cypher shell. There isn't much network information available when I try to sign in.


(Rob Clother) #7

Hi David:

Please excuse the delay: I'm working on this project in my spare time.

I've followed the steps word-for-word at https://neo4j.com/blog/deploy-neo4j-microsoft-azure-part-2/. Not once but many times. I'm unable to connect either in code, or in the browser.


(M. David Allen) #8

Hi Rob,

Could you please screenshoot the parameters you're putting in before this deploy fails?

The neo4j password for bolt is different than the admin password chosen for SSH.

If you can't get the bolt connection to work, you have the option to log in by SSH and reset the password on each node using neo4j admin tools, which you should consider. I'd like to help but I can't quite tell what's happening from the info you've provided so far.


(Rob Clother) #9

I'll share all the screenshots I can.

First screen: Admin user setup.


(Rob Clother) #10

Second screen: no SSL certificate, Latest version, 3 D2S v3 nodes. The neo4j has the same password as the admin user (previous screen). All other options set to defaults.


(Rob Clother) #11

Summary screen.


(Rob Clother) #12

Confirmation screen omitted. I gave my contact details.

I'll wait for the template to deploy.


(Rob Clother) #13

And here is the resulting resource group:


(Rob Clother) #14

Using the PIP address, here is the 7474 page....


(Rob Clother) #15

And, pasting in the identical password from Step 2:


(Rob Clother) #16

I also tried typing in the password manually, with the same result.

If I ssh to the PIP on ports 22000, 22001 and 22002, it lets me in with the password from Step 1.


(M. David Allen) #17

Thanks for this.

I checked through these (deprecated) templates, and the password inside the container is being set like this:

          curl --fail --silent --show-error --user neo4j:neo4j \
               --data "{\"password\": \"${NEO4J_PASSWORD}\"}" \
               --header 'Content-Type: application/json' \
               http://localhost:7474/user/neo4j/password

It's possible that this step is failing and is not being monitored as part of the deploy. This would be checkable by you if you check the init scripts for the node in the deployment.

In particular check the logs of the init scripts and see if you see this:

Failed to set neo4j password

That's just to try and figure what's going on here. If you want to resolve the issue, I would suggest first trying the default password "neo4j". My bet is that the password reset on deploy failed, and you should be able to get in with just "neo4j". If this doesn't work try the command with curl above, to reset using the password that should be present from within the machine.

If neither of these work, you might try deleting the auth files (generally they're in /var/lib/neo4j/data/dbms/auth) and then restarting. This should reset to the default password and you shouldn't lose anything else valuable if you've just launched anyway.

Sorry you're having these problems. We've finished with engineering the newer setup, we're now just pushing it through the Azure marketplace approval process. If you need a setup now, these steps above is my best recommendation. If you can wait a bit, the newer deploy process is going to be more simplified, and shouldn't have this issue to begin with.


(Rob Clother) #18

I can already discount the first and last solutions -- I've tried using the "neo4j" password and deleting the auth files. I'll check the logs now.


(M. David Allen) #19

@ali.ince can you offer any assistance here? Ali has worked on these templates as well, and may have something else he can suggest.


(Rob Clother) #20

Running the curl command on the 22000 node gives:

The requested URL returned error: 401

I've tried adding -u neo4j:neo4j and -u neo4j:<MyPassword> to the curl command, but the result is still the same.

I also deleted the auth files and restarted all three services; first using the command

sudo service neo4j restart

and then by restarting the VMs. Neither neo4j nor my password work now.


(Jonas Rolstad) #21

I'm also having this problem. http://{configured public ip address}:7474/