Unlocking Your Sitecore Account in Docker

Resolving an “Error: User Is Locked Out” scenario while using Sitecore with Docker.

May 9, 2025

When Docker Locks You Out

What do you do when you’re developing in Sitecore using a Docker container and you find yourself getting a “Error: User is locked out” message? Well you might think this means you are locked out of your Sitecore XM Cloud Portal account, this is actually the “local” account within your Docker container that has been locked out. But how does one get themselves unlocked?

itecore XM Cloud local error page displaying

Previously, back in just January of 2023, we wrote about how one would unlock their account using SQL Server, however things have changed rapidly with the introduction of XM Cloud and thus also to how developer environments are setup. Now you will have a local CM and CD instance running within Docker, in addition to that SQL Server will now live inside the Docker container.

To get yourself unlocked you’ll first want to open up Command Prompt or PowerShell and run the following command:

docker network ls

This will show you a list of all the networks the Engine daemon knows about, we’re looking for the one that matches the name you setup for your solution, in this example we used “website” which is then appended with _default.

PowerShell window showing Docker network list with highlighted website_default NAT network ID

Now we want to find the IP of the SQL Server instance running on website_default, to do so run the following command (replacing website_default with your site name):

docker inspect website_default

This will give you a JSON output like the following, you’ll want to look for the section pertaining to SQL Server (highlighted in bold):

PS C:\Users\bradl> docker inspect website_default
[
    {
        "Name": "website_default",
        "Id": "a2978189a34f48da2ba4899da64b02b7a190f8fa51a5a8e611e024a56ffdfc90",
        "Created": "2025-02-25T15:22:46.993612-05:00",
        "Scope": "local",
        "Driver": "nat",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "windows",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.20.16.0/20",
                    "Gateway": "172.20.16.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "176e1f5630b39457984a9b4d407cab2cbd1f1f65b4218a8a8387f88427f0f2dd": {
                "Name": "website-solr-1",
                "EndpointID": "2c60ab52275e3e8982ff6c6394d9e23c12a1272799c6366bb18bd319fdbced58",
                "MacAddress": "00:15:5d:71:db:a2",
                "IPv4Address": "172.20.21.142/16",
                "IPv6Address": ""
            },
            "83b67166d8818d748d066e7aaead7d42e2a193083977ff1751ec7385a2146d52": {
                "Name": "website-traefik-1",
                "EndpointID": "184bfeaa7432b55a33a07ac9c74646fa65dbdcff15f5b54480b227d7d7f5e794",
                "MacAddress": "00:15:5d:71:d5:cd",
                "IPv4Address": "172.20.16.231/16",
                "IPv6Address": ""
            },
            "a77b70638717e3e4632468d2bd7eca63d5ac53cd2469e5d3a0b07ab8e3707dcb": {
                "Name": "website-rendering-1",
                "EndpointID": "ba00a5bfdc941fe9904f664e4534723fff8eaf236518563a96438530ef3a2bb2",
                "MacAddress": "00:15:5d:71:d4:c0",
                "IPv4Address": "172.20.22.110/16",
                "IPv6Address": ""
            },
            "b77b1a755bbb833f107585b825c954df48ed7be62cc13cc910755a557b626474": {
                "Name": "website-cm-1",
                "EndpointID": "272b4cec902021a6965fc9efd191aaef7fd32f78756ab8cf6913a1035451cc8d",
                "MacAddress": "00:15:5d:71:d6:ab",
                "IPv4Address": "172.20.25.20/16",
                "IPv6Address": ""
            },
            **"bc3c57f6e1d5b14fd5a6b640e94f752b12ae9b7b0a2e1cc14651b1710d547ae5": {
                "Name": "website-mssql-1",
                "EndpointID": "3a2fb941a286f8ed3fe5baa73e025e0424c28bc860edd061271369f9d66a65e5",
                "MacAddress": "00:15:5d:71:de:e1",
                "IPv4Address": "172.20.23.188/16",
                "IPv6Address": ""
            }**
        },
        "Options": {
            "com.docker.network.windowsshim.hnsid": "88294CEE-773B-44D5-AD86-7FCFBE2EF0F9"
        },
        "Labels": {
            "com.docker.compose.network": "default",
            "com.docker.compose.project": "website",
            "com.docker.compose.version": "2.17.2"
        }
    }
]

Looking at the output you’ll see a IPv4Address value in the entry for website-mssql-1 which in this case is 172.20.23.188, that is the IP to the SQL Server engine running inside the Docker container.

Next you will need the “sa” password, you can find that in the environment file which should be found in root\local-containers.env. Look for the SQL_SA_PASSWORD which should be around line 19.

Configuration file showing environment variables including SQL server login and placeholder password SQL_SA_PASSWORD=YOURPASSWORD

Now that you are armed with both the IP address and password you can fire up SQL Server Management Studio and enter the IP we found as the Server Name, then selecting SQL Server Authentication from the next dropdown, then “sa” for the Login and for the Password the value we found above.

SQL Server login screen

Now hit Connect.

Once logged into the server you should see your familiar Core and Master databases. You will want to check the aspnet_Membership table in the Sitecore.Core database to see if you’re user is locked out.

For example I just did a SELECT * FROM [Sitecore.Core].[dbo].[aspnet_Membership] and I can see that my user is set to IsLockedOut=1:

SQL Server Management Studio showing query results

To fix this I can open up a new query window and create a query to set the value to 0 for my email address:

UPDATE [Sitecore.Core].[dbo].[aspnet_Membership]
SET IsLockedOut = 0
WHERE email = '[email protected]'

You should see a message saying 1 row affected.

To confirm, you can do another query, this time I filtered it to my email:

SQL query in SSMS

Great, everything looks good, my user is no longer locked out! Now lets try logging in again!

Sitecore XM Cloud login screen

After entering my email address and then password, I am now able to login successfully to my local Sitecore instance running inside Docker.

Sitecore XM Cloud Content Editor

To see a video of the whole process, please check out the following recording: