10-08-2019 07:45 PM
Hello Cisco ISE experts,
I have a Cisco appliance 3655 which I need to perform a CLI password recovery. Our remote engineer has forgotten the password set on the CLI during the initial configuration.
Since the 3655 Appliance does not have a CD/DVD drive, how do we perform the password recovery?
Could someone please assist with a guide/procedure to get the ISO file across so we can access the boot menu.
Apparently we can not get to the CIMC portal either.
Appreciate your assistance.
Thanks.
Solved! Go to Solution.
10-08-2019 09:01 PM - edited 10-08-2019 09:10 PM
If you cannot access the CIMC remotely then you will have to perform this work in person with a monitor and keyboard. If you had access to the CIMC you could mount the ISO via the java or html KVM. But with you saying you can't access the CIMC then your other option is to boot the appliance from a bootable USB drive with the ISE 2.4/2.6 loaded on it. The boot menu is available outside of the CIMC during server restarts. I have heard of people having issues with booting from USB so this might now work.
Since you don't have the CIMC password youwill have to perform a CIMC password reset via the service jumpers inside. I have not done this myself on a SNS appliance so it might be advisable to preemptively open a TAC case. The process is very likely the same as the c220m5 it was built off. Look for the section titled "Using the Clear Password Header (J38, Pins 13 - 14)".
https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c/hw/C220M5/install/C220M5/C220M5_chapter_010.html#task_z11_ncv_jz
I would reset the CIMC password first, then leverage the CIMC KVM to mount the ISO and reset the ISE CLI password.
10-08-2019 09:01 PM - edited 10-08-2019 09:10 PM
If you cannot access the CIMC remotely then you will have to perform this work in person with a monitor and keyboard. If you had access to the CIMC you could mount the ISO via the java or html KVM. But with you saying you can't access the CIMC then your other option is to boot the appliance from a bootable USB drive with the ISE 2.4/2.6 loaded on it. The boot menu is available outside of the CIMC during server restarts. I have heard of people having issues with booting from USB so this might now work.
Since you don't have the CIMC password youwill have to perform a CIMC password reset via the service jumpers inside. I have not done this myself on a SNS appliance so it might be advisable to preemptively open a TAC case. The process is very likely the same as the c220m5 it was built off. Look for the section titled "Using the Clear Password Header (J38, Pins 13 - 14)".
https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c/hw/C220M5/install/C220M5/C220M5_chapter_010.html#task_z11_ncv_jz
I would reset the CIMC password first, then leverage the CIMC KVM to mount the ISO and reset the ISE CLI password.
10-09-2019 03:11 PM
10-09-2019 04:20 PM
10-13-2019 09:20 PM
Hi Damien, thanks again for your reply. The SNS has 2.6 installed so we are hopeful it will work, or have the CIMC access sorted so we can go that path. The remote engineers will get to it this week and I will keep you posted on the progress. Appreciate your input and options proposed.
Thanks.
05-28-2020 09:09 PM
05-28-2020 10:21 PM
Yes you can do it from USB, and physical dvd only if it's an older appliance with a DVD drive. For all appliances, you can mount the ISE ISO via the CIMC HTML/java KVM virtual dvd drive. The process for a password reset hasn't changed since the SNS appliances released. You go through the same process that you would to install an ISE node from the ISO, booting from the ISE, but instead of selecting option 1 to perform a fresh install, you select option 3 to run through the CLI password reset.
Welcome to Cisco Identity Services Engine - ISE
To boot from hard disk press <Enter>
Available boot options:
[1] Cisco Identity Services Engine Installation (Keyboard/Monitor)
[2] Cisco Identity Services Engine Installation (Serial Console)
[3] Reset Administrator Password (Keyboard/Monitor)
[4] Reset Administrator Password (Serial Console)
<Enter> Boot from hard disk
Please enter boot option and press <Enter>
boot: 3
05-29-2020 07:22 AM
Hello @Damien Miller thanks for your post.
Actually I tried but in the option 3 and 4 I have <utility system console and keyboard and monitor> I didn't get the reset password option for that reason I performed the reimage process.
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide