Niagara Station Unreachable After Cyber Hardening

Problem

After applying security hardening (account lockout, HTTPS-only, stronger auth), users can no longer log in or the station appears offline in Supervisor.

Root Cause

Lockout thresholds set too aggressively, service accounts not updated to new password policy, or Supervisor/JACEs still using old credentials/HTTP URLs.

Solution

1. Verify Station Is Running

• Check via Application Director (local platform connection)
• Look for authentication errors in logs

2. Temporarily Relax Lockout Policies

• Adjust lockout and password policies in line with Tridium's recommended baseline
• Use reasonable attempts/time window

3. Update Supervisor Connections

• Update Supervisor Niagara Network connections with new service account credentials
• Ensure all device-to-device connections use HTTPS URLs

4. Confirm Roles/Permissions

• Some hardening templates reduce operator rights
• Verify roles still allow expected actions

5. Re-Tighten When Stable

• Once stable, re-tighten lockout thresholds
• Document the new security configuration