Hi funnybhalla,

Have you tried logging in with username rescue-user

With no password (on APIC and switches)?

This might be all you need to do.  

For more information see: see https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/troubleshooting/b_APIC_Troubleshooting/b_APIC_Troubleshooting_chapter_0100.pdf

RedNectar

aka Chris Welsh

Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem

References:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/troubleshooting/b_APIC_Troubleshooting/b_APIC_Troubleshooting_chapter_0100.pdf

Glad to hear you solved it.  Make sure you mark your own answer as correct

rescue-user works only if you are never synchronized with the controller,

In that case, you will need to (from https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/troubleshooting/b_APIC_Troubleshooting/b_APIC_Troubleshooting_chapter_0100.pdf)

Follow these steps to recover the APIC password.

Step 1 Create and save an empty file named "aci-admin-passwd-reset.txt".

Step 2 Add the file to a USB drive. You can format the USB drive to FAT or FAT32.

Step 3 Connect the USB drive to one of the rear USB ports on the Cisco APIC.

Step 4 Reboot the APIC using Cisco Integrated Management Controller (CIMC) or by hard power cycling the device.

Step 5 When the APIC displays the "Press any key to enter the menu" prompt, press a key to interrupt the boot process.

Step 6 The APIC displays supported Linux versions. Highlight the version installed on your system and press e to edit the boot command.

Step 7 Highlight the kernel and press e to edit the command in boot sequence.

Step 8 Add the name of the empty file to the end of the command, shown as follows:

Example:

[ Minimal BASH-like line editing is supported. For the first word, TAB lists possible command completions. Anywhere else TAB lists the possible completions of a device/filename. ESC at any time cancels. ENTER at any time accepts your changes.]

< rhgb quiet selinux=0 audit=1 aci-admin-passwd-reset

Step 9 Press Enter to save the file.

Step 10 Press b to boot the APIC. Note To cancel the password reset operation and return to the default boot parameters, press Esc and Enter.

Step 11 The APIC boots and prompts for a new administrator password.

Hi Robert,

I want to root access for /mgmt/bin/sshd -version.

How about the command to root access on APIC ?

For the APICs & Switches, you should be setting the time via NTP policy with the fabric.  Time is critical and we don't want devices getting out of sync by manual changing.  There's only a rare circumstance where the time needs to be change using root, and thats only during fabric discovery issues.

As for the processes, which ones are you trying to kill?  We don't expect users would normally need to do this, but if you have a legitimate requirement we can discuss.  We made certain "root" type functions available to the admin user as needed, but we wouldn't blankly open up root access otherwise.

Robert

solution to my situation: upgrade the APIC manually prior to connecting it to the cluster.

background: APIC on firmware v1 cannot join cluster running firmware v2. see https://supportforums.cisco.com/discussion/13111296/standby-apic-controller

-------------------------------------------------------

Hello I have a fabric discovery issue and would like to set the time manually but I'm getting:

date: cannot set date: Operation not permitted                

I'm trying to add a 3rd APIC controller to my cluster. The cluster size is configured for 3 APICs but the 3rd APIC sits at "Data Layer Partially Diverged". The time is off by about 8 hours. My cluster is at firmware version 2.2(2f) and the APIC I'm trying to add is at version 1.03 or 1.3 from memory.

I've seen leafs also have similar symptoms and the solution is to manually upgrade the leaf prior to connecting it the fabric but that seems like a pita for an APIC.

Yan             

If 2 of your APICs are running 2.2(2f) and the fabric cluster version is also set at 2.2(2f), then the 3rd APIC that you are trying to add needs to be at 2.2(2f).  You can download the 2.2(2f) .iso file from www.cisco.com and can manually upgrade the APIC3 using the CIMC KVM and attach the 2.2(2f) .iso.  This will upgrade your APIC3 to 2.2(2f).

Also, when booting the APIC3, access the CIMC KVM and you can select the function key to boot into & configure BIOS.  You should be able to set the Date\Time in the BIOS configuration.

If you continue to have issues, You may want to open a Cisco ACI TAC case so an ACI engineer can assist you with your issues.

I hope this helps!

T.