Does password recovery procedure on CM allow you into GUI?

I have a customer with 3 WAAS appliances and a CM running WAAS 4.1.3a. The customer has lost their network engineer and they do not have the admin passwords. I can telnet to the CLI of all devices but I am trying to access the CM GUI and don't get privileged access with my account. The CM has 2 accounts showing in the config, the admin account and another which is specific to this customer. Both have privilege 15 but I don't know the password to either. The primary authentication mechanisms for login and configuration are set to tacacs with the secondary set to local. I am able to login to the command line using a support account that we have the password for so it appears that tacacs is working but if I use this account on the GUI it logs me in but does not give me privileged access to the GUI. I think I read somewhere that the GUI uses a different authentication mechanism and to get privileged access to the GUI the account has to be created within the GUI. Is that right?
Unfortunately I don't have access to the tacacs server and we don't look after it so I can't just change the admin password in the tacacs server.
With the support account I have on the CLI, when I try to change the admin account password it says:
waas-cm(config)#username admin passwd
Warning: User configuration performed via CLI may be overwritten
by the central manager.  Please use the central manager to configure
user accounts.
New WAAS password:
If I try to login to the GUI using the new password I set then it doesn't work but I am not sure if that is because it is trying to use tacacs to authenticate the GUI or because the CM over-wrote it.
I found the password recovery/change procedure but I wasn't sure if this would help me get into the GUI or just the cli. If I reload the box and follow the procedure to change the admin password then will this change the password used by the GUI? Should I be concentrating on the CM or focussing on the tacacs server which isn't in this site and which I don't look after? If I change the admin password using the recovery procedure and then remove the tacacs config then will I be able to get into the GUI using the new admin password? Any other suggestions of what I can do?
Thanks
Tim

Tim,
Since you have CLI access to the CM, why not telnet/SSH to the CM and remove the TACACS configuration temporarily so users aren't checked against TACACS when you try to log in to the CM GUI?  Then, since you don't know the admin password, you could change it via the CLI command you previously used, and then try to log in to the CM GUI with that admin account.
Once you have the known admin account you can reconfigure your TACACS configuration as it was before.
Now I suspect the reason you were able to log in to the CM GUI with the support account, but had no privileges, was that this support user or the group in TACACS it belongs to was not defined in the CM GUI under Admin -> AAA -> Users.  The TACACS server in this case does the authentication, but the authorization to view certain pages within the CM GUI is done on the CM itself.  So, it is required to have the user or the group defined in the CM GUI with the appropriate role(s) associated to that object.
Once you define this support user account within the CM GUI it too should have access when TACACS is enabled.   Here are the steps I would take:
Log into your CM via SSH/Telnet with your TACACS user credentials.  Once in here do the following:
NC-WAAS-CM(config)#no authentication fail-over server-unreachable
NC-WAAS-CM(config)#authentication login local enable primary
NC-WAAS-CM(config)#authentication login tacacs enable secondary
Log into the CM GUI with the local WAE credentials (admin, ).
Go to Admin -> AAA -> Users -> Add a user -> Specify the support username you added to your TACACS server and click Submit (no need to change any other fields) -> Select Role Management -> Assign this user the admin role (or whichever custom role(s) you have defined) and click Submit.
Back on the CLI:
NC-WAAS-CM(config)#authentication login local enable secondary
NC-WAAS-CM(config)#authentication login tacacs enable primary
NC-WAAS-CM(config)#authentication fail-over server-unreachable
Log out of the CM GUI, and try to log back in with your TACACS credentials.
Here is the configuration guide section on user accounts and groups which may help explain in more detail.
http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v413/configuration/guide/usrmgmt.html
Hope this helps,
Mike Korenbaum
Cisco WAAS PDI Help Desk
http://www.cisco.com/go/pdihelpdesk
P.S.  If this answers your question please mark it as such; thanks!
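
A rollback check for the temporary authentication change described in the reply above, as an added example that is not part of the original thread or of Cisco's tooling. It assumes the device reports these settings in the same form as the commands are entered; the baseline is constructed from the description in the question, and `replay` and `drift` are hypothetical helper names.

```python
import copy
import re

# Only the line forms that appear in the reply above are modelled.
AUTH_RE = re.compile(r"^(no\s+)?authentication\s+(login|configuration)\s+(\S+)"
                     r"\s+enable\s+(primary|secondary)$")
FAILOVER_RE = re.compile(r"^(no\s+)?authentication\s+fail-over\s+server-unreachable$")
PROMPT_RE = re.compile(r"^\S+\(config\)#\s*")  # drops "HOST(config)#" from pasted sessions


def replay(text, state=None):
    """Apply authentication lines to a copy of state and return the new state."""
    state = copy.deepcopy(state) if state else {
        "login": {}, "configuration": {}, "fail-over": False}
    for raw in text.splitlines():
        line = PROMPT_RE.sub("", raw.strip())
        m = FAILOVER_RE.match(line)
        if m:
            state["fail-over"] = m.group(1) is None
            continue
        m = AUTH_RE.match(line)
        if not m:
            continue
        negated, scope, method, rank = m.groups()
        ranks = state[scope]
        # Assumption: a method holds one rank and the last line entered wins.
        for old in [r for r, name in ranks.items() if name == method]:
            del ranks[old]
        if not negated:
            ranks[rank] = method
    return state


def drift(baseline, current):
    """Return one finding per setting that differs from the baseline."""
    out = []
    for scope in ("login", "configuration"):
        for rank in ("primary", "secondary"):
            want, have = baseline[scope].get(rank), current[scope].get(rank)
            if want != have:
                out.append(f"{scope} {rank}: expected {want}, found {have}")
    if baseline["fail-over"] != current["fail-over"]:
        out.append("fail-over server-unreachable: expected "
                   f"{baseline['fail-over']}, found {current['fail-over']}")
    return out


# Constructed baseline: TACACS primary, local secondary, as the question describes.
BASELINE = replay("""authentication login tacacs enable primary
authentication login local enable secondary
authentication configuration tacacs enable primary
authentication configuration local enable secondary
authentication fail-over server-unreachable""")
# The two command groups from the reply, pasted with their prompts.
TEMPORARY = """NC-WAAS-CM(config)#no authentication fail-over server-unreachable
NC-WAAS-CM(config)#authentication login local enable primary
NC-WAAS-CM(config)#authentication login tacacs enable secondary"""
RESTORE = """NC-WAAS-CM(config)#authentication login local enable secondary
NC-WAAS-CM(config)#authentication login tacacs enable primary
NC-WAAS-CM(config)#authentication fail-over server-unreachable"""

if __name__ == "__main__":
    print(drift(BASELINE, replay(TEMPORARY, BASELINE)))  # while relaxed
    print(drift(BASELINE, replay(TEMPORARY + "\n" + RESTORE, BASELINE)))  # after rollback
```

An empty list from `drift` means the session ended with the same login order and fail-over setting it started with; any finding is a setting left in its temporary state.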

Similar Messages

  • What ID does password recovery procedure work on?

    We recently completed the steps to recover the password on a 2960G switch as per the instructions found at http://www.cisco.com/en/US/products/hw/switches/ps628/products_password_recovery09186a0080094184.shtml  Four passwords were changed as per the documentation (secret, enable, vty, and console).
    However as we now try again to get access to the device using the CNA client, none of the new passwords work!  We would like to confirm what ID this procedure reset – do we use Cisco, blank, or an existing user ID that we can see still exist?  And we are assuming that we should use the newly updated console password to access the ‘console’… but maybe this is wrong too?
    We still can’t seem to get in with anything…  (and the process seemed to work all the way through)
    Suggestions?

    Hello
    Can you perform the steps again? The most important part is when the switch has come up for the first time and you gain access.
    From here the switch is set to default - so if you wish to start from scratch all you need to do is write to memory.
    WR
    if you wish to use the old configuration but change the password then, the very first thing you need to do is:
    rename flash:config.old flash:config.text - this is reverting the change you did in ROMMON access
    Then reset your passwords (see below) and save your changes and reload.
    WR
    Password changes
    username admin privilege 15 secret password
    username anyone password password1
    enable secret letmein
    service password-encryption
    line con 0
    exec-timeout 0 0
    logging synchronous
    login local
    line vty 0 15
    login local
    logging synchronous
    transport input telnet
    res
    Paul
    Please don't forget to rate any posts that have been helpful.
    Thanks.

  • Password Recovery Procedure SPS224G

    Hello! Does not work to restore the password in SPS224G4. When selecting the menu [3] Password Recovery Procedure gives the message: Current password will be ignored!. Please help.

    Nikitka,
    Once you have selected option 3, you should select the option "back"; it is number 6, I believe. The device will continue to boot. Once you are at the login prompt, use admin as the login name and leave the password blank. Execute this and you should be granted access to the device. Change the password immediately for the admin account, as bypassing the password only works once and then the device returns to normal operation. Let me know if you have any trouble at all.
    Thank you,
    Chris

  • SA 520 Password Recovery Procedure?

    I fully configured the appliance and, of course, changed the enable  password, and then failed to document it, somehow, and I've long since forgotten it. I've looked for a recovery procedure, but haven't found one.
    Can anyone point me in the right direction? So far, it seems like the only option is a factory reset and I'm hoping I'm wrong.
    Thanks.

    Hi zacmutrux,
    Thank you for posting. Unfortunately you will have to set the router to factory defaults and reconfigure it. There is no password recovery procedure available for any of our SMB routers.

  • My iphone 5 suddenly died and won't turn back on even after doing the recovery procedure. Even when I put it on charge the apple sign appears for 5-7 seconds and even after that it won't turn on. Help?!?!

    My iphone 5 suddenly died and won't turn back on even after doing the recovery procedure. Even when I put it on charge the apple sign appears for 5-7 seconds and even after that it won't turn on. Help?!?!

    Use DFU mode and try to restore to iOS 6.1.4. It will wipe out the whole device if it works, but then you'll know if it's a software issue (if it works) or a hardware issue (if it doesn't work).

  • Does the iPad3 support external monitors, allowing you to scan across two screens?

    Does the iPad3 support external monitors, allowing you to scan across two screens?

    Some apps, such as Keynote, support different displays on the iPad screen and an external display. The iPad does not span its "desktop" across screens, though; it only mirrors.
    Regards.

  • IP/VC 3510 Password Recovery Procedure

    Hi, I am trying to upgrade my 3510 but it does not accept login/password pair. Anybody can help how to recover password on IP/VC 3510? It is not exist in TAC Password Recovery page. It is an urgent case, thanks in advance,
    Ozgur.

    Follow this procedure for the password recovery of 3510
    1. Connect the null modem cable to the serial port on the front of the MCU and the other end to your computer.
    2. Launch Hyperterminal and select Com 1, then change the video bit rate to 9600 and flow control to "none". All other settings are default.
    3. Hit the key combination Control-X to reboot the MCU (or just power down and power up the 3510)
    4. When the device reboots you will see trace activity in the Hyperterminal session then you will see "press any key to configure". Press a key and you will see a menu with various options. One of the options is password. Here you can set the password then the system needs to reboot.

  • Does anybody know an app which allows you to use your iPhone as CCTV

    I am wondering if anybody knows an app which allows you to use your iPhone as a CCTV camera so I can view what is going on. Please if you know any app which allows you to use your iPhone as CCTV camera. Thanks I am really grateful.

    There are several brands and models of security cameras, baby monitors and nanny-cams that have apps in the app store.  They are designed to accomplish exactly what you are describing.  Each brand of camera has its own app.

  • What's the Password Recovery Procedure for ACS on windows

    Hi All,
    With the "automatic local login" disabled, how can I recover the forgotten administrator's password or reset it?
    Many thanks in advance!

    Hi,
    You need to modify the registry. Pls refer to this url:
    http://www.cisco.com/warp/public/480/csntfaq.html#Q3
    rgds,
    AK

  • Password recovery procedure on MDS 9120

    Hi,
    I tried the ctrl+] combination to get to the "boot>" prompt to recover the password on an MDS 9120. It doesn't seem to work. I tried "ctrl + C" and it took me to the BIOS setup.
    How do I recover the password on this platform? I am using SecureCRT. Any advice?
    thanks,
    Kerim


  • Password recovery for 2960 without losing configuration

    Hi,
    I don't remember password for Cisco 2960 switch, now i want to recover the password. I have checked few documents but would like to know few things before following these steps.
    1. Is password recovery procedure for Cisco 2960 switch is different from normal ctr+break then change the register method? As i am more confident of doing this procedure than  using mode button and then renaming the configuration file.
    2. If i follow below procedure then hope it won't erase the configuration including vlans information.?
    https://supportforums.cisco.com/discussion/11756896/cisco-switch-29603560-password-recovery-and-factory-default-mode-button
    3. Pressing the mode button is an alternative to using the ctrl+break sequence? And long pressing of the mode button doesn't affect anything.
    4. Restarting the switch after pressing mode button (without making any changes) will go back to previous configuration (working condition).
    Thanks.

    1. Is password recovery procedure for Cisco 2960 switch is different from normal ctr+break then change the register method? As i am more confident of doing this procedure than using mode button and then renaming the configuration file.
    Password recovery for switches, like the Catalyst 2K and 3K, is far simpler.    Read this:  Cisco Catalyst Fixed Configuration Layer 2 and Layer 3 Switches
    2. If i follow below procedure then hope it won't erase the configuration including vlans information.?
    https://supportforums.cisco.com/discussion/11756896/cisco-switch-29603560-password-recovery-and-factory-default-mode-button
    I've posted a link above.  I'd recommend you read that one.  The link you've posted is about someone who wants to make a simple procedure look complicated.  
    3. Pressing the mode button is an alternative to using the ctrl+break sequence? And long pressing of the mode button doesn't affect anything.
    Correct.  Get your mindset out of the password recovery of routers.  When you are dealing with some models of switches, it's the "Mode" button.  There are no "Mode" buttons in routers, hence, the Ctrl+Break key is required. 
    4. Restarting the switch after pressing mode button (without making any changes) will go back to previous configuration (working condition).
    If you did NOT rename the configuration file, yes, the switch will reboot and load the existing configuration file.  
    If you renamed the configuration file, the switch will reboot.  Finding no configuration file, the switch will load the factory defaulted configuration.

  • Pix 525 6.3 Password Recovery shuts down TFTP server

    I noticed that every time I try to run the password recovery procedure to retrieve the np63.bin file from my TFTP server, the PIX hangs and the TFTP app shuts down completely. I am investigating, but if anyone knows off the top, I would appreciate the sharing.

    I got it...I'm not sure what it was but as soon as I plugged both inside and outside interfaces in that allowed the file to be received. I guess that's the way it works. The document must presume you know this.
    The "Duhs" have it! Motion passed!!

  • 4240 and password recovery

    Hi,
    I tried upgrading my 4240 sensor via CSm to IPS-CS-MGR-K9-7.0-5a-E4.  The upgrade failed and the device was unreachable!!
    I consoled into the device and rebooted.  The login prompt appears, but the admin username and password combo does not work.  I went through the password recovery procedure, but now get the following:
    login: cisco
    Password:
    You are required to change your password immediately (password aged)
    Changing password for cisco
    (current) password:
    Authentication token manipulation error
    Does anyone have any ideas about this error message, or how I can fully recover to previous state?  The service account works and gets me into bash, but I am not sure why CLI access is failing.
    Many thanks
    Liam

    Liam,
    From this doc:
    http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_qanda_item09186a008025c533.shtml
    Q. What does the "Authentication token manipulation error" error message mean?
    A. In order to solve this issue, use default password (cisco)  two times and then change the password from the config mode. The IDS  requires the default password to be entered twice.
    For example:
    login:cisco
    Password:cisco
    Enter current password:cisco
    Enter new password: ***
    Re-enter new password: ***
    Give it a try and see if it works.
    I hope this helps.
    Raga

  • Password Recovery for Catalyst 6500

    Hi all,
    According to this website:
    http://www.cisco.com/en/US/products/hw/switches/ps708/products_password_recovery09186a00801349aa.shtml
    Password will not be activated in the first 30 second, so when we want to do
    the password recovery, we just press enter and quickly change the password.
    I tried this in the Cat 6509 but found a different result. When I press
    enter, it didn't go to console (prompt) instead, it keep asking me the
    password.
    Is there anything change in the password recovery for Cat 6500 (I've done it
    before but when I try it again, it showed a different result). FYI, i use
    this version of CatOS = cat6000-sup2k9.7-6-12.bin
    Regards,
    Affandi Indraji

    Hi Friend,
    There is no change in the password recovery procedure it is just that you might not be doing it fast enough in 30 seconds.
    Just power off and power on the switch again and then immediately try hitting enter as soon as it prompts for the first password and then follow the same procedure what you used to do for other CATOS switches.
    HTH, if yes please rate the post.
    Ankur

  • Password recovery at catalyst 4507R-E

    Hi. I have a Catalyst 4507R-E with 2 engines located in it. The engines are active/standby. When I begin the recovery, I write the recovery config on the main engine and then I must reset the Catalyst; after the reboot the active engine goes to standby and the standby goes to active, so I cannot recover it.
    How can I solve this?
    Must I first remove the standby engine and then recover the active engine,
    then put the standby back so the active engine configuration goes to the standby?
    Am I right? I am afraid that I will lose the configuration because I do not have a backup configuration.
    i used this PDF.
    please write your comment.
    thank you very much.

    Hi teymur,
    You never lost your configuration, what you need to do is...
    1. Make a complete config sync between the active and standby supervisor engines (I hope autosync is already enabled)
    2. Write the config to NVRAM on the standby supervisor engine.
    3. Now when you put back the standby supervisor engine, reload the active supervisor engine, which makes the standby active and the active standby.
    Also I would like to inform you of the password recovery procedure...
    Try the below procedure with only one supervisor in the chassis.
    1) Connect the console cable to the Supervisor IV console port
    2) Reset the 4507 by power cycling the unit.
    3) Interrupt the boot sequence by hitting CTRL+C
    4) Using the confreg command, I set it to skip the boot-up configuration.
    5) I issue the reset command to reboot the 4507 again.
    http://www.cisco.com/en/US/products/hw/switches/ps663/products_password_recovery09186a00800945f7.shtml
    Please rate the helpful posts.
    Regards,
    Naidu.
