Solved: WHM two factor authentication failed – Cannot login to cpanel – Pin Invalid

Find the complete solution to the following problems here:

  1. Locked out of WHM when you two-factor authentication is active but code is invalid.
  2. Cannot log in to cpanel because your TFA login pin using Google Authenticator app or similar tool is failing again and again.
  3. You have lost access to your two-factor code generator and cannot login to WHM.

How is this problem caused?

This problem may arise because of the following reasons to the best of my experience.

  1. By deleting your TFA app that produces the pin while the TFA is still active on your WHM account.
  2. By installing multiple instances of your TFA app on multiple devices where the identification vlaues for the account change and it creates a confusion for the app to produce the right pin.
  3. You TFA pin generating app is a nonsense product and generates wrong code. (Lol this does happen)


How to fix the Disable WHM two factor authentication

You will need access to your server using SSH or the command line access. The easiest way to do that is PUTTY, a free SSH/telnet connection tool (download it here free). It is one of the most used SSH tools by offshore software development teams worldwide. Most of us who use Cpanel and WHM may not be used to command line control. So here are some visual tips for you.

SSH or this PUTTY tool will need access to your server with secure credentials similar to what you do with FTP. But it can achieve much more than just file transfer. It can enable disable features on your server at the core. So use this carefully. You will need the following credentials to use SSH.

  1. IP address of SSH/TELNET connection. It need not be the same as that of your servers default IP.
  2. The exact port where you can connect to the server via SSH.
  3. SSH login ID
  4. SSH Password
  5. WHM User id (usually – root) and Password.

The first four requirements can be gathered from your VPS or Server’s main control panel. In my case, like most of the WHM users, it would be a SolusVM control panel. It would appear like this and you get access to this when you sign up for your hosting account. If you do not have it right now, contact your hosting company.


vps-control-panel

Note the Serial Console Option in the Icons row above. Click that to generate an SSH secure connection. There is an option to use a Java based SSH connection here. But it seldom works because of Java version differences and lack of updates. You can create an SSH connection session for one hour, which is more than enough to accomplish the task at hand. Once you do that you would get something like this.

server ssh serial console for ssh connection to disable two factor authentication in WHM

Now use the details above to connect to Putty. When you start Putty it would look something like this.

putty-connection

Now provide the right IP address from the information we have gathered above and the Port no. Once you log in correctly you will arrive a DOS kind of black screen like shown below. Now you need to enter your login id and password as collected in point 3 and 4 mentioned before.

putty-ssh-login

Then here is the final step.

whmapi1 twofactorauth_disable_policy 

Enter this command now in the console. Then you will be prompted for another login, which will be the WHM id and password.
In case the command does not go through automatically on successful login, enter it again.
If you are not used to SSH or command line, you can copy a command and right click in the console to paste it. The previous command can be accessed with the UP Arrow.

putty-ssh-whm-login

If you get this finally it means your Two Factor Authentication is now disabled. You can login to WHM easily and set up two-factor authentication once more.

I hope I solved your problem today. Cheers