Shulou(Shulou.com)06/01 Report--

The customer called to say that UCS Manager could not log in, indicating that the username and password verification failed. Rushed to the user site, found that neither console nor WEB can log in, so the only way to do this is to break the door and pick the lock!

According to the official documents, there are two ways to recover UCS Manager passwords:

First, password recovery in Standalone mode

Second, password recovery in Cluster mode

Since there are two 6248 Cluster made by users here, only the second method can be used here. The recovery method is as follows:

Before You Begin

1 Physically connect a console port on one of the fabric interconnects to a computer terminal or console

Server

Before you begin, find a console line to connect to the console port.

2 Obtain the following information:

The firmware kernel version on the fabric interconnect

The firmware system version

Which fabric interconnect has the primary leadership role and which is the subordinate

There are three important information to get before password recovery:

First, firmware kernel version

Second, firmware system version

Third, determine which 6248 is primary and which is subordinate

Tip To find this information, you can log in with any user account on the Cisco UCS domain.

This sentence in the document is a bit interesting, let me log in to UCS Manager as any user and get the above information. I just want to say: honey, I only have one user.

There are two ways to get the above information here:

First, it can be obtained during the restart process by restarting 6248.

Second, don't rush to get firmware kernel and firmware system, just keep going.

Procedure

Step 1 Connect to the console port.

Step 2 For the subordinate fabric interconnect:

A) Turn off the power to the fabric interconnect.

B) Turn on the power to the fabric interconnect.

C) In the console, press one of the following key combinations as it boots to get the loader prompt:

Ctrl+l

Ctrl+Shift+r

You may need to press the selected key combination multiple times before your screen displays the loader

Prompt.

Connect to that subordinate via console, then power off, power on, boot the device, and press ctrl+l or ctrl+shift+r during the restart until the system appears at the loader prompt.

Step 3 Power cycle the primary fabric interconnect:

A) Turn off the power to the fabric interconnect.

B) Turn on the power to the fabric interconnect.

Step 4 In the console, press one of the following key combinations as it boots to get the loader prompt:

Ctrl+l

Ctrl+Shift+r

You may need to press the selected key combination multiple times before your screen displays the loader

Prompt.

Do the same as above, connect to that primary via console, then power off, power on, start the device, and press ctrl+l or ctrl+shift+r during the reboot until the system appears at the loader prompt.

Step 5 Boot the kernel firmware version on the primary fabric interconnect.

Loader > boot / installables/switch/kernel_firmware_version

Example:

Loader > boot / installables/switch/ucs-6100-k9-kickstart.4.1.3.N2.1.0.11.gbin

Boot firmware kernel manually at the loader prompt, and as mentioned earlier, there is no hurry to get information about kernel and system. Here, you can view and obtain it through the dir command, as follows:

Loader > dir

Bootflash:

Lost+found

Ucs-6100-k9-kickstart.5.0.3.N2.2.1s.bin

Ucs-6100-k9-system.5.0.3.N2.2.1s.bin

Chassis.img

Pnuos

Nuova-sim-mgmt-nsg.0.1.0.001.bin

Chassis2.img

Fexth.bin

Installables

Sysdebug

Distributables_hdr

I feel that it is convenient to get through the dir command.

Step 6 Enter config terminal mode.

Fabric (boot) # config terminal

Step 7 Reset the admin password.

Fabric (boot) (config) # admin-password password

Choose a strong password that includes at least one capital letter and one number. The password cannot be

Blank.

The new password displays in clear text mode.

Change the password of admin-password through the above two commands

Step 8 Exit config terminal mode and return to the boot prompt.

Step 9 Boot the system firmware version on the primary fabric interconnect.

Fabric (boot) # load / installables/switch/system_firmware_version

Example:

Fabric (boot) # load / installables/switch/ucs-6100-k9-system.4.1.3.N2.1.0.211.bin

Step 10 After the system p_w_picpath loads, log in to Cisco UCS Manager.

After the password change is complete, go back to the fabric (boot) prompt, load the firmware system file, and you may log in to UCS Manager after loading.

Step 11 In the console for the subordinate fabric interconnect, do the following to bring it up:

A) Boot the kernel firmware version on the subordinate fabric interconnect.

Loader > boot / installables/switch/kernel_firmware_version

B) Boot the system firmware version on the subordinate fabric interconnect.

Fabric (boot) # load / installables/switch/system_firmware_version

Back in subordinate, boot firmware kernel manually and then load firmware system. When the restart is complete, the password recovery is complete.

*

In my case, I would like to talk about the problems I encountered in the recovery process:

1. After I loaded firmware system on primary, the system did not load and remained at the original prompt. I think maybe there's something wrong with what I'm doing.

2. After loading firmware system on subordinate, the system loads normally and prompts you to enter cluster mode, but after startup, you still cannot log in with the reset password.

3. I suspected that there was a problem with primary, so I rebooted primary manually. After restart, I could log in with the reset password, but subordinate still could not log in.

4. So I followed the password recovery steps to do the same for subordinate again, and when I reloaded firmware system, I could log in with the reset password this time.

At this point, console can log in, but here comes the problem again. The story doesn't seem to be over. You still can't log in through WEB. Why? Are there two sets of passwords?

Since you can get in through console, there must be a way to get in through WEB. So after looking through it, there are the following methods:

UCS-FI-6248UP-A# scope security

UCS-FI-6248UP-A / security # create local-user guanliyuan

UCS-FI-6248UP-A / security/local-user* # set account-status active

UCS-FI-6248UP-A / security/local-user* # set password

Enter a password:

Confirm the password:

UCS-FI-6248UP-A / security/local-user* #

UCS-FI-6248UP-A / security/local-user* # create role admin

UCS-FI-6248UP-A / security/local-user* # commit-buffer

The main function of the above command is to create a local user guanliyuan, activate the user, set the password, give the user admin permissions, and save. When you are finished, you can use guanliyuan to WEB and manage UCS Manager!

This password recovery work is really completed here!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.