03-01-2012 07:57 AM - edited 03-16-2019 09:53 AM
Hi all,
we need to check if the security password is documented correct for a CUCM 8.6 cluster.
Is there a way to validate a given security password like a CLI command "validate security password"?
The only way I know is setting up a system in the lab and check if I can restore a backup.
I know I can reset the security password, but that's something I want to avoid because it requires rebooting the servers.
Thank you in advance
Jörg
03-01-2012 08:04 AM
No, there's no way to validate the security pwd.
The only method to see if it's correct or not is what you mention, either do a restore or change it.
HTH
java
If this helps, please rate
www.cisco.com/go/pdihelpdesk
04-05-2015 01:33 AM
Jamie,
There is a way to validate the password, without changing the password.
I have just tested it. The trick is to reset the password with a new password which is based on a dictionary word!
Example: "cisco123"
If the Old password is entered correctly - you will get the following error when you attempt to change the password:
"BAD PASSWORD: It is based on a dictionary word"
If the old password is incorrect, you will a different error (as below) and hence you can validate if your security password is as you suspect or not!
"The old password did not match"
Gerry
06-29-2015 07:53 AM
I have confirmed that this procedure works - I needed to verify a cluster security password for a client, and your method did work and I was able to verify the password without changing it.
Thank you for the suggestion!
Pete
09-10-2015 02:56 PM
I know its an old thread, but wanted to Thank you. I am rolling out a new CUCM environment. I was able to confirm my CUCM security passcode because I was able to add an IMP server. But we're going to add a second CUC server later, so I wanted to confirm the CUC security code before starting to configure it. I found this article, and it worked like a charm.
02-17-2016 05:14 AM
I tried to validate the security password on CUCM.
Used the command set password user security, entered the password which I have at the prompt.
Then it is asked me to enter the password, entered the previous password, it gave error as old and new password is same.
Again used the command set password user security and entered some other word as password, this time also it accepted the password and prompted me to enter new password.
Seems like, this way we can't validate the security password.
02-17-2016 06:03 AM
Again used the command set password user security and entered some other word as password, this time also it accepted the password and prompted me to enter new password.
When it prompted to enter the new password, did you enter the new password or left the process at that time. I believe you did not because if you had then only system would have checked the password that you entered first time after issuing the set password user security command and should have issued something like below since you entered the wrong password intentionally
Continue (y/n)?y
Please wait...
The old password did not match.
Secondly, I do not understand why would someone play with it like this in a real environment unless they are facing one of the below issues:
1) If you are going to add the second server to the existing cluster. During this, system will check if the Security Password matches with the primary node or not. If not, then the DB replication will not come up at all
2) If the DRS backup was taken of a UCCX system or any other UC system for that matter, then while doing the restore system will ask you to enter the Security Password and if it does not match with the one that was there while the backup was taken then the restore will not go through.
BTW, there is a Password Guess utility available in the platform config file that can be accessed only by TAC using the root of your system if you really want to test your Security Password. However, I would definitely not take the risk of playing with Security Password in a production environment using CLI unless I am facing one of the above issues as mentioned above.
Regards
Deepak
02-23-2016 09:00 AM
Hi Deepak,
Thanks for the response.
"If the DRS backup was taken of a UCCX system or any other UC system for that matter, then while doing the restore system will ask you to enter the Security Password and if it does not match with the one that was there while the backup was taken then the restore will not go through."
I have been provided with a password, but no one knows that is correct or not.
Incase if it is not correct, the cluster is running at risk as backup can't be restored in DR situation.so wanted to validate the password.
04-13-2017 12:30 AM
i have a cucm , unity and presence , is it possible to try it on a presence subscriber node to avoid any effect on a production environment? do all nodes share the same security password?
04-13-2017 12:43 AM
Hi,
It has to be done on all server otherwise they would stop replicating database. Also DRS has to run again aftre changing the security password through out the cluster.
JB
04-13-2017 08:05 AM
Every node in a cluster will use the same password, so you are able to test it from any server in that cluster. But we need to define a cluster based on what you were asking.
Unity and CUCM are two completely separate entities. Even though there is a high likelihood that whoever built your system used the same passwords, they didnt necessarily have to. Then on to Presence, it depends on the version. If its 9 and below, Presence was also its own separate cluster. In version 10 and above, it is part of the CUCM cluster.
04-17-2018 12:16 AM - edited 04-17-2018 12:18 AM
Man ,You're idea is out of the world. Awesome , Thank you so much for this wonderful trick. Thanks Again , gorourke.
05-01-2018 06:40 PM
I also just confirmed this works on CUCM 10.5.2:
SUPER HELPFUL! Thanks so much gorourke!
06-09-2018 05:03 PM
This does work..first time wrong password, second time right password. I used cisco123 as the new password both times.
admin:set password user security Please enter the old password: ************* Please enter the new password: ** Control-C pressed admin:set password user security Please enter the old password: ************* Please enter the new password: ******** Reenter new password to confirm: ******** WARNING: The Disaster Recovery System is dependent on this security password you are attempting to change. If you need to use any of the older backup archive to restore this system, you need to remember the older security password. To avoid this scenario, we recommend you to conduct a DRS Backup of your system/cluster immediately after this password change. Please make sure that the security password on the publisher is changed first. The security password needs to be the same on all cluster nodes, or the publisher and subscriber(s) will not communicate. After changing the security password on a cluster node, please restart that node. Continue (y/n)?y Please wait... The old password did not match.
###########################################################################
admin:set password user security Please enter the old password: ***************** Please enter the new password: ******** Reenter new password to confirm: ******** WARNING: The Disaster Recovery System is dependent on this security password you are attempting to change. If you need to use any of the older backup archive to restore this system, you need to remember the older security password. To avoid this scenario, we recommend you to conduct a DRS Backup of your system/cluster immediately after this password change. Please make sure that the security password on the publisher is changed first. The security password needs to be the same on all cluster nodes, or the publisher and subscriber(s) will not communicate. After changing the security password on a cluster node, please restart that node. Continue (y/n)?y Please wait... BAD PASSWORD: it is based on a dictionary word admin:
09-05-2019 06:27 AM
Works perfect.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide