Login fails with AWS ELB when more than 1 svr

I have migrated our server to Amazon EC2 and I have set up Electric Load Balancing with autoscaling and an RDS MySql database. However, while everything else works, the s2member login will not. It just comes back immediately with “Max failed logins. Please wait 30 minutes and try again.” This is clearly not the case. This happens once the load balancer adds a second server but then even when forcing it to use one server, it still does not work.

I have tried changing the sticky settings to pin a session to the same server with an ELB generated cookie and I have tried pinning with the lifetime of the wordpress sid cookie and the PHPSSID, but nothing works.

What could be going wrong here and what must I do to make s2member pro work over multiple servers (sharing the same database – they are just clones of each other) – I don’t see how it could not work when the database is shared and the requests stick to the same server.

There are no log entries.

Any clues?

Hi Joanne.

This is a bit over my head, so I’m emailing Jason.

That said, have you tried raising the IPs limit in your settings?
[hilite path]Dashboard -› s2Member® -› Restriction Options -› Brute Force IP/Login Restrictions[/hilite]

Hi there. Thanks for reporting this important issue.

The error you reported:

Max failed logins. Please wait 30 minutes and try again.

When someone attempts to log into their account, and that request fails (i.e. wrong Username/Password combo); s2Member will record this failed attempt. If too many failed attempts occur within a short period of time, s2Member will start displaying the error message you reported, but ONLY to the User that caused the error.

This is known as Brute Force IP/Login Restrictions.

The options for this can be configured from your Dashboard here:
Dashboard -› s2Member® -› Restriction Options -› Brute Force IP/Login Restrictions
See Also: Knowledge Base » s2Member® Brute Force IP/Login Restrictions

If you’re seeing this error when you should NOT (i.e. something weird is going on), I would start looking at any plugins and/or server extensions that deal with caching. Is it possible that another User of your site caused this error, but now it’s been cached by some custom extension, so everyone sees it now?