cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5191
Views
5
Helpful
10
Replies

3D2000 Sensor unable to login via GUI

coreharr
Cisco Employee
Cisco Employee

I have a 3D2000 sensor that I am able to login to admin using SSH just fine, but I am not able to authenticate via the GUI. I get the following message logging in via HTTPS... "Unable to authorize access. If you continue to have difficulty accessing this device, please contact the system administrator."

Can anyone help?

2 Accepted Solutions

Accepted Solutions

Pujita Patni
Cisco Employee
Cisco Employee

Hi,

Is this the first time you are trying to login to the GUI ? Did you make any certificate changes ?

You can reset the password of the admin user and then try logging in again.

Follow this: http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118631-technote-firesight-00.html#anc1

Thanks,

Pujita

Rate if it helps !

View solution in original post

4.7.0.4 is very old, so I'm not sure there is still a lot of info around for this. I think the latest (and last) version that is supported on the 3D2000 is 5.2.x (which is EOL).

In any case if you can't log into the webui it might just be the password. You can try resetting the password for the account via the usertool.pl script:

# sudo usertool.pl -p 'admin Sourcefire'

This should set the admin user's password for the webui to Sourcefire. As long as usertool.pl exists on version 4.7 (I only know it has been around since at least 4.9).

If this doesn't fix it you can try resetting all users back to the default by running:

# sudo repair_users.pl -i

This will reset credentials to the defaults (I'm guessing admin/Sourcefire). This will also reset your ssh passwords to the defaults and this will remove any extra users that were ever created. Again, if this script even exists on 4.7.

To answer you question:

"Is it possible to reimage directly from the USB key supplied with the device without using SCP?"

You have to use the USB keyfob that came with the device to re-image it for this model and the re-image process requires the image file to be hosted on an SCP, FTP, or HTTP server. I would recommend you re-image the device to 5.2 if you have the image. 

The process to re-image is almost the same as the procedure here:

http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118308-technote-firesight-00.html

However on all of the newer models there is an internal USB keyfob, so in your case you need to plug in the USB keyfob, reboot and select it from the boot menu and it might not show up as "System_Restore" it will probably be something else. After that the process is the same as it is in the above article.

Hope this helps!

View solution in original post

10 Replies 10

Pujita Patni
Cisco Employee
Cisco Employee

Hi,

Is this the first time you are trying to login to the GUI ? Did you make any certificate changes ?

You can reset the password of the admin user and then try logging in again.

Follow this: http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118631-technote-firesight-00.html#anc1

Thanks,

Pujita

Rate if it helps !

Thanks Pujita for the reply. This is the first time this device is being used and I am trying to set it up for the first time. I am able to login to the admin account using SSH, but I am not able to via the GUI. 

Hi ,

Login on SSH of the device and run " tailf /var/log/messages and try to access the GUI , see if you get any errors regarding same.

You might also try to restart the https service and see if that fixes the issue , by escalating the privilege to root : sudo su and then pmtool restartbyid https.

Also refer : http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118631-technote-firesight-00.html

Regards,

Aastha Bhardwaj

Rate if that helps!!!

Jetsy Mathew
Cisco Employee
Cisco Employee

Hello Team,

What is the software version that you are trying now ?

If its the version 6.0 , then please navigate to "Update Management Center HTTPS Certificates to Version 6.0" in the following link.

http://www.cisco.com/c/en/us/td/docs/security/firepower/60/relnote/firepower-system-release-notes-version-600.html

If its not the version 6.0 , then please verify the /var/log/messages in the log files by logging via ssh to the device.

As a last step, you can try resetting the user.

http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118631-technote-firesight-00.html

Rate and mark correct if the post helps you

Regards

Jetsy

The software version is 4.7.0.4. Would like to upgrade to the latest version available for my appliance. 

I was able to gain access to the GUI. Discovered that the SSH admin account is not the same as the GUI admin account. 

Is it possible to reimage directly from the USB key supplied with the device without using SCP?

Thanks all for your help. 

4.7.0.4 is very old, so I'm not sure there is still a lot of info around for this. I think the latest (and last) version that is supported on the 3D2000 is 5.2.x (which is EOL).

In any case if you can't log into the webui it might just be the password. You can try resetting the password for the account via the usertool.pl script:

# sudo usertool.pl -p 'admin Sourcefire'

This should set the admin user's password for the webui to Sourcefire. As long as usertool.pl exists on version 4.7 (I only know it has been around since at least 4.9).

If this doesn't fix it you can try resetting all users back to the default by running:

# sudo repair_users.pl -i

This will reset credentials to the defaults (I'm guessing admin/Sourcefire). This will also reset your ssh passwords to the defaults and this will remove any extra users that were ever created. Again, if this script even exists on 4.7.

To answer you question:

"Is it possible to reimage directly from the USB key supplied with the device without using SCP?"

You have to use the USB keyfob that came with the device to re-image it for this model and the re-image process requires the image file to be hosted on an SCP, FTP, or HTTP server. I would recommend you re-image the device to 5.2 if you have the image. 

The process to re-image is almost the same as the procedure here:

http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118308-technote-firesight-00.html

However on all of the newer models there is an internal USB keyfob, so in your case you need to plug in the USB keyfob, reboot and select it from the boot menu and it might not show up as "System_Restore" it will probably be something else. After that the process is the same as it is in the above article.

Hope this helps!

I am able to login to the GUI. I tried to update the software using the Update tool in the webui but the updates available won't update code older than 5.2

5.4 is available and I will try to update it by re-imaging it.

Hi Jetsy,

 

I lost the access to the web interface after updating the FMC to Version 6.0 but able to access it via ssh.

I doubt its the issue with "Update Management Center HTTPS Certificates before upgrade of Version 6.0"

 

Can I have a command line syntax to generate a new self signed certificate to gain web access to the FMC.

 

Thanks

@jameel121,

 

Have you confirmed that the apliance is running its web server?

 

If you have cli access you can check with "sudo netstat -a | grep 443"

Thanks Marvin for your response; the issue got resolved, actually the update on the FMC from 6.0 to 6.2 took a longer duration than a usual update and was running backend, I tried to re-login to the GUI after 1hour from my post here, and it just worked.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: