Re: ACS 5 password recovery with USB

Alex Kitaichik · ‎10-29-2013

Hello everyon,

It seems I ran into ACS 5 appliance without a CDROM drive.

How do I perform password recovery on such box?

I ran different linux scripts and USB disk images present on ACS recovery cdrom (which seems to be pretty useless for me, since that particular appliance seems to have no cd drive) - and every script and image present on the CD result in CENTOS installation. On boxes equipped with cd drive, I can use the recovery cd supplied with ACS and it has an option on reboot for password recovery.

What should I do on usb only equipped box for password reset?

Thank you.

Jatin Katyal · ‎10-29-2013

Alex,

What is the appliance model you've in your setup?

ACS 5.4 on the SNS-3415 Appliance using USB Drive

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/installation/guide/csacs_ins_acs_in_ucs.html#wp1128737

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Alex Kitaichik · ‎10-29-2013

It's standard ACS appliance (I'll be able to verify the exact h/w version in about an hour). It looks exactly similar to hundreds other ACS appliances I've seen. With one important difference – it lacks CDROM.

Password recovery on boxes equipped with CDROM is simple and I've done this countless times.

----------------------------------------------------------------------------------------------------------------------------------------------

Now on the other hand, it seems to me (IMHO) – documentation is lacking. I was unable to find exact steps for password recovery for an appliance w/o CDROM. Among DVDs accompanying that appliance, there is as usual a DVD titled "Installation and Recovery Disk" but it's pretty much useless since the box has no CDROM. There is however an 'images' folder on that DVD with an UNIX (?!) script intended to create USB disks for booting the ACS from USB (at least, that's what the readme file within this folder claims).

And indeed – it creates USB disks that ACS is being able to boot from – but all the images included within that "Installation and Recovery Disk", are CentOS installation (?!), now - since the example for using the UNIX script (I mentioned above) as it appears in the readme file is:

" ...

For example, if your USB device was /dev/sdc, and your source ISO
image was ACS-5.4.0.40-2242--08-29-2012.iso, you would use this syntax:

# ./iso-to-usb.sh ACS-5.4.0.40-2242--08-29-2012.iso /dev/sdc ... "

I assume that an ACS installation ISO (downloaded from cisco website) should be used and not the images from CD.

----------------------------------------------------------------------------------------------------------------------------------------------

Anyhow, as I said – IMHO documentation is lacking. I'm trying this script with ACS_v5.3.0.40.iso – if this will not work, I do think Cisco should seriously improve the documentation on password recovery on ACS appliances w/o CDROMs.

Alex Kitaichik · ‎10-30-2013

Hi Jatin Katyal,

Thank you.

Although I figured it out, the link you provided was helpful in establishing I'm doing it right. Sort of strange, I didn’t locate it by any Google search.

BUT –

Unfortunately, the procedure described isn’t quite working. I've downloaded ACS_v5.3.0.40.iso from here. Created the USB disk in the way described (although I have to notice I was using Ubuntu Linux and not CentOS – but on the other hand it is important to notice that USB disk created successfully and ACS is booting up from USB without any problem, the error which I'll enclose in a moment seems to me s/w related).

This time as I mentioned – ACS booted up successfully, bring me to a familiar screen suggesting Installing ACS or password recovery. After choosing 'password recovery' that's what I ran into:

It is important to notice the local HD RAID is perfectly fine – the box is able to boot from it successfully and ACS comes up without a hitch (though unfortunately credentials unknown)

Ideas will be welcomed.