Solved: Cannot use root_enable in PI2.2

henry.huikw · ‎10-30-2015

Why I cannot use root_enable command in Prime Infrastructure 2.2 (VM)?

PI-TEST/admin# root_enable
^
% invalid command detected at '^' marker.

actually, I'm trying to upload a thord-party MIB in PI2.2, but no luck. i found there was a discussion talking about it.

https://supportforums.cisco.com/discussion/12129411/failed-upload-mib-file-prime-infrastructure20

AFROJ AHMAD · ‎11-01-2015

now ,its not possible. you would need to re-installed the PI.

however you can try to recover the root password as below::

Please find the following procedure to recover the root shell password:

1- Boot off of a CentOS/RedHat 5 or 6 install CD or DVD.

Use any of the following ISO images:

CentOS-5.10-x86_64-bin-DVD-1of2.iso
CentOS-5.11-x86_64-bin-DVD-1of2.iso
CentOS-6.6-x86_64-bin-DVD1.iso

2- Once booted, type "linux rescue" on prompt and hit ENTER key

3- Chose default options for language/keyboard and don't choose network option

4- You will see a message as below:
The rescue environment will now attempt to find your Linux installation and mount it under the directory /mnt/sysimage. You can then make any changes required to your system. If you want to proceed with this step choose 'Continue'. You can also choose to mount your file systems read-only instead of read-write by choosing 'Read-only'. If for some reason this process fails you can choose 'Skip' and this step will be skipped and you will go directly to a command shell.

Choose "Continue" in this screen

5- Once an existing installation is found, it will be mounted to "/mnt/sysimage" location and you will be dropped to command prompt.

6- Change root to the PI install location by using following command:

# chroot /mnt/sysimage

7- Move /storeddata/rootpatchpw

#mv /storeddata/rootpatchpw /root/

8- Now type "exit" and hit ENTER key

9- Type "reboot" and boot into PI

hope it will help

Thanks-

Afroz

**Ratings Encourages Cobtributors ***

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

View solution in original post

AFROJ AHMAD · ‎11-01-2015

Hi ,

try to do #root_disable and then # root_enable and see how it works

are you using FIPS mode ?

share the "show security-status" command output ,if above does not help

Thanks-

Afroz

**Do rate the useful post**

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

henry.huikw · ‎11-01-2015

Hi,

here is the output. it is FIPS mode, but "root-disable" is not working. is there different bewtween physical appliance and VM?

Last login: Fri Oct 30 16:35:02 2015
PI-TEST/admin#
PI-TEST/admin#
PI-TEST/admin#
PI-TEST/admin#
PI-TEST/admin# root_disable
^
% invalid command detected at '^' marker.

PI-TEST/admin# show security-status

Open TCP Ports : 22 443 1522 8082
Open UDP Ports : 162 514 9991

FIPS Mode : enabled
TFTP Service : disabled
FTP Service : disabled

JMS port(61617) : disabled

Note : Shows currently configured values
Changes made after last system start if any,
will be effective after next restart

PI-TEST/admin#

AFROJ AHMAD · ‎11-01-2015

Hi Henry,

what you are seeing is expected resposne in FIPS mode.

Access to the “root” shell account is disabled. The commands root, root_enable, and root_disable are not available when you connect to the server using CLI.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/administrator/guide/PIAdminBook/ServerHardening.html#pgfId-1022489

**Ratings Encourages Contributors***

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

henry.huikw · ‎11-01-2015

Hi

is it possible possible to change the mode?

thanks

Henry

AFROJ AHMAD · ‎11-01-2015

now ,its not possible. you would need to re-installed the PI.

however you can try to recover the root password as below::

Please find the following procedure to recover the root shell password:

1- Boot off of a CentOS/RedHat 5 or 6 install CD or DVD.

Use any of the following ISO images:

CentOS-5.10-x86_64-bin-DVD-1of2.iso
CentOS-5.11-x86_64-bin-DVD-1of2.iso
CentOS-6.6-x86_64-bin-DVD1.iso

2- Once booted, type "linux rescue" on prompt and hit ENTER key

3- Chose default options for language/keyboard and don't choose network option

4- You will see a message as below:
The rescue environment will now attempt to find your Linux installation and mount it under the directory /mnt/sysimage. You can then make any changes required to your system. If you want to proceed with this step choose 'Continue'. You can also choose to mount your file systems read-only instead of read-write by choosing 'Read-only'. If for some reason this process fails you can choose 'Skip' and this step will be skipped and you will go directly to a command shell.

Choose "Continue" in this screen

5- Once an existing installation is found, it will be mounted to "/mnt/sysimage" location and you will be dropped to command prompt.

6- Change root to the PI install location by using following command:

# chroot /mnt/sysimage

7- Move /storeddata/rootpatchpw

#mv /storeddata/rootpatchpw /root/

8- Now type "exit" and hit ENTER key

9- Type "reboot" and boot into PI

hope it will help

Thanks-

Afroz

**Ratings Encourages Cobtributors ***

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

henry.huikw · ‎11-02-2015

thanks a lot!