The customer calls to say that UCS Manager cannot log on, prompting the user name for password validation to fail. Rushed to the user site, found whether the console or the Web can not log in, for the current count only broken pry lock!
By reviewing the official documentation, UCS Manager password recovery is available in two ways:
First, password recovery in standalone mode
Second, password recovery in cluster mode
Since the user here is two 6248 do cluster, so here can only use the second way, the recovery method is as follows:
Before you Begin
1 Physically connect a console port on one of the fabric interconnects to a computer terminal or console
Server
Before you begin, find a console line connected to the console port.
2 Obtain the following information:
The firmware kernel version on the fabric interconnect
The firmware system version
Which fabric interconnect has the primary leadership role and which are the subordinate
Get three important messages before password recovery:
First, firmware kernel version
Second, firmware system version
Third, determine which 6248 is primary, which is subordinate
Tip to find this information, you can log in with any user account on the Cisco UCS domain.
This sentence in the document is a bit of a point, let me log in to UCS Manager with any user and get the information above. I just want to say: Pro, I have only one user.
There are two ways to get the above information here:
First, by restarting 6248, during the restart process to obtain
Second, do not hurry to get firmware kernel and firmware system, continue to go down
Procedure
Step 1 Connect to the console port.
Step 2 for the subordinate fabric interconnect:
A) Turn off the power to the fabric interconnect.
b) Turn on the power to the fabric interconnect.
c) In the console, press one of the following key combinations as it boots to get the loader prompt:
Ctrl+l
Ctrl+shift+r
Need to press the selected key combination multiple times before your screen displays the loader
Prompt.
Connect to the subordinate via the console, turn the power off, power it on, start the device, press Ctrl+l or ctrl+shift+r during the restart process, until the loader prompt appears on the system.
Step 3 Power Cycle The primary fabric interconnect:
A) Turn off the power to the fabric interconnect.
b) Turn on the power to the fabric interconnect.
Step 4 in the console, press one of the following key combinations as it boots to get the loader prompt:
Ctrl+l
Ctrl+shift+r
Need to press the selected key combination multiple times before your screen displays the loader
Prompt.
With the same operation as above, connect to the primary via the console, turn the power off, power it on, start the device, press Ctrl+l or ctrl+shift+r during the restart process, until the loader prompt appears on the system.
Step 5 Boot The kernel firmware version on the primary fabric interconnect.
Loader > Boot/installables/switch/kernel_firmware_version
Example:
Loader > Boot/installables/switch/ucs-6100-k9-kickstart.4.1.3.n2.1.0.11.gbin
Manually boot the firmware kernel at the loader prompt, which says in no hurry to get information about kernel and system. Here you can view the Get by the dir command, as follows:
loader> dir
Bootflash
Lost+found
Ucs-6100-k9-kickstart.5.0.3.n2.2.1s.bin
Ucs-6100-k9-system.5.0.3.n2.2.1s.bin
Chassis.img
Pnuos
Nuova-sim-mgmt-nsg.0.1.0.001.bin
Chassis2.img
Fexth.bin
Installables
Sysdebug
DISTRIBUTABLES_HDR
The feeling is still easy to get through the dir command.
Step 6 Enter config terminal mode.
Fabric (boot) # Config terminal
Step 7 Reset the admin password.
Fabric (boot) (config) # admin-password password
Choose a strong password that includes at least one capital letter and one number. The password cannot be
Blank.
The new password displays in clear text mode.
Modify the Admin-password password by the above two commands
Step 8 Exit config terminal mode and return to the boot prompt.
Step 9 Boot The system firmware version on the primary fabric interconnect.
Fabric (boot) # load/installables/switch/system_firmware_version
Example:
Fabric (boot) # Load/installables/switch/ucs-6100-k9-system.4.1.3.n2.1.0.211.bin
Step after the system image loads, log on to Cisco UCS Manager.
Once the password has been modified, go back to the fabric boot prompt, load the firmware system file, and you will be able to log in to the UCS manager after onboarding.
Step one in the console for the subordinate fabric interconnect, do the following to bring it up:
A) Boot the kernel firmware version on the subordinate fabric interconnect.
Loader > Boot/installables/switch/kernel_firmware_version
b) Boot the system firmware version on the subordinate fabric interconnect.
Fabric (boot) # load/installables/switch/system_firmware_version
Back to subordinate , manually boot the firmware kernel and then load the firmware system, after the reboot is complete, the password recovery is complete.
******************************************************************************************************
In my case, I'm talking about the problems I have during the recovery process:
1. After uploading the primary into the firmware system, I did not load and still stay at the original prompt. I feel like I may have something wrong with what I do.
2, after subordinate upload into the firmware system, normal loading, and prompted to enter cluster mode, but after startup, with the password reset can still not login.
3, I suspect primary has a problem, so manually restart the primary, after restarting with reset password can log in, but subordinate still can't log in.
4, so I followed the password recovery steps to subordinate again the same operation, when re-loaded firmware system, this time with a reset password can be logged in.
Here the console can log in, but the problem comes again, the story does not seem to end, through the web still can't login, why? Do you have two sets of passwords?
Since you can go through the console, there must be a way to go through the web. So after a look through, with the following method:
ucs-fi-6248up-a# Scope Security
Ucs-fi-6248up-a/security # Create Local-user Guanliyuan
Ucs-fi-6248up-a/security/local-user* # Set Account-status active
Ucs-fi-6248up-a/security/local-user* # Set Password
Enter a password:
Confirm the password:
Ucs-fi-6248up-a/security/local-user* #
ucs-fi-6248up-a/security/local-user* # Create role Admin
Ucs-fi-6248up-a/security/local-user* # Commit-buffer
The main function of the above command is to establish a local user Guanliyuan, activate the user, set the password, give the user admin privileges, save. Once you're done, you can manage UCS manager from Guanliyuan to the web!
The password recovery work is really done here!
This article is from the "Xunil" blog, make sure to keep this source http://136464.blog.51cto.com/126464/1682846
Cisco UCS6248 password recovery for fault handling