the specific error is

Remote admin component is enabled. Server is not production profile. Please delete the AdminServlet.war from jetty to disable it and try again!

The admin component for remotely starting/stopping the ColdFusion Server wasn’t installed when I installed coldfusion as far as I can tell [6:22 PM] I don’t know where to locate it or remove it post install if it has been installed - does it require a reinstall? [6:26 PM] I did find a bug that was introduced in coldfusion 2018 update 5 that seems to relate to my issue: [6:26 PM] Adminservlet war was being copied even though the remote admin component had been disabled. If you install/uninstall the update, ensure that you delete the folders present inside the [CF Home]\[Instance Name]\jetty\work directory, and restart the ColdFusionAddonServices after update is installed. This ensures that the latest changes are picked up by the Jetty server.

aha, it looks like the latest update had the same issue as that coldfusion 2018 update 5

there’s a jetty hotfix in 2023u5 that includes the adminservlet.war that ended up in {instance}/jetty/webapps, even though I didn’t install it initially

so I guess don’t install the update until you’ve run the lockdown tool, or else remove that adminservlet.war after you install that update

(so that you can run the lockdown tool)