Unable to login as recovery_admin in Confluence 8.9.8 and 8.9.7

    • 9
    • Severity 3 - Minor
    • 19

      Issue Summary

      This is reproducible on Data Center: (yes) 

      Steps to Reproduce

      1. Install Confluence 8.9.8
      2. Follow the documentation to enable the recovery_admin account: Restore Passwords to Recover Admin User Rights (ver 8.9)
        Example
        -Datlassian.recovery.password=1234
        
      3. Try logging in with the recovery_admin ID and the password you set (1234 in the example above)
      4. Result: login failure, as recorded in atlassian-confluence.log:
        2025-01-17 19:56:39,015 WARN [http-nio-6898-exec-1 url: /c898/dologin.action] [atlassian.seraph.auth.DefaultAuthenticator] login login : 'recovery_admin' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
         -- url: /c898/dologin.action | referer: http://localhost:6898/c898/dologin.action | traceId: cf7afaed7db12d6a

      Expected Results

      We should be able to log in as recovery_admin using the password we have set.

      Actual Results

      Unable to log in as recovery_admin, and the above message is written to the logs.

      Workaround

      Three possible workarounds:

      1. Upgrade Confluence to version 9.0+
      2. Because a change to the recovery admin process was backported to version 8.9.7, enable logging to reveal the dynamically created recovery admin ID (see comments below):
        1. Follow Configuring Logging to locate the log4j properties file.
        2. Add the following setting to display the recovery admin user name:
          log4j.logger.com.atlassian.crowd.manager.recovery.SystemPropertyRecoveryModeService=INFO
          
      3. Or, update the local admin account's password via the database as described in Restore Passwords to Recover Admin User Rights (v 6.4).

      Notes:

      • The recovery_admin feature is working as expected in Confluence 8.9.6 and lower.
      • In Confluence 9.0 and higher, the old default "recovery-admin" ID is no longer valid; this change was made to improve overall security. Instead, a recovery admin ID is now dynamically created, as described in Restore Passwords To Recover Admin User Rights (current version) for versions 9.0+, and works as expected.
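
      To confirm that an instance is hitting this issue, the Seraph warning quoted in step 4 can be pulled out of atlassian-confluence.log and grouped by user name. The script below is an added example, not Atlassian code; the function names are hypothetical, and the sample input is the log entry from this issue plus two constructed lines.

```python
import re
from collections import Counter

# First line of the Seraph failed-login warning, in the layout quoted in step 4.
HEADER = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) WARN "
    r"\[(?P<thread>\S+) url: (?P<url>[^\]]+)\] "
    r"\[atlassian\.seraph\.auth\.DefaultAuthenticator\] login login : "
    r"'(?P<user>[^']*)' tried to login but they do not have USE permission "
    r"or weren't found\."
)

def parse_failed_logins(lines):
    """Return one dict per warning, merged with its ' -- ' continuation line."""
    events, pending = [], None
    for line in lines:
        m = HEADER.match(line)
        if m:
            pending = m.groupdict()
            events.append(pending)
            continue
        stripped = line.strip()
        # Continuation: "-- url: ... | referer: ... | traceId: ..."
        if pending is not None and stripped.startswith("-- "):
            for field in stripped[3:].split(" | "):
                key, sep, value = field.partition(": ")
                if sep:
                    pending.setdefault(key.strip(), value.strip())
        pending = None  # a continuation only belongs to the line right above it
    return events

def attempts_by_user(events):
    """Count failed logins per attempted user name."""
    return Counter(e["user"] for e in events)

# Entry 1 is the log excerpt from this issue; the INFO and 'jdoe' lines are constructed.
SAMPLE = """\
2025-01-17 19:56:39,015 WARN [http-nio-6898-exec-1 url: /c898/dologin.action] [atlassian.seraph.auth.DefaultAuthenticator] login login : 'recovery_admin' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
 -- url: /c898/dologin.action | referer: http://localhost:6898/c898/dologin.action | traceId: cf7afaed7db12d6a
2025-01-17 19:57:02,440 INFO [http-nio-6898-exec-3] [constructed.example.Logger] unrelated line
2025-01-17 19:58:11,120 WARN [http-nio-6898-exec-2 url: /c898/dologin.action] [atlassian.seraph.auth.DefaultAuthenticator] login login : 'jdoe' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
 -- url: /c898/dologin.action | referer: http://localhost:6898/c898/dologin.action | traceId: 0000000000000001
""".splitlines()

if __name__ == "__main__":
    for user, n in attempts_by_user(parse_failed_logins(SAMPLE)).items():
        print(f"{user}: {n} failed login(s)")
```

      On 8.9.7 and 8.9.8, an entry for 'recovery_admin' is the symptom described in this issue; the same count is also worth watching on any version, since the fixed name is no longer a valid account there.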

            Assignee:
            Jiri Hronik
            Reporter:
            Srinatha Tondihal
            Votes:
            1
            Watchers:
            9