03-01-2020 07:08 AM
Hi to all,
just recently i updated my Prime with certificates. After that i am not able to log in again via the web account (root) !
Although the problem i believe is bind to the certificate change i also tried the following:
vm/nmsuser# ncs password root password test123
ERROR: Web interface 'root' password reset failed.
Passwords must meet the password policy requirements
set by the administrator.
Please note that i have changed the password policy in order to accept even not capital letters.
I also tried the following:
vm/user# ncs webroot disable
vm/user# ncs webroot enable
vm/user# ncs password root password test123
ERROR: Web interface 'root' password reset failed.
Passwords must meet the password policy requirements
set by the administrator.
vm/user# show version
Cisco Application Deployment Engine OS Release: 4.1
ADE-OS Build Version: 4.1.0.001
ADE-OS System Architecture: x86_64
Copyright (c) 2009-2019 by Cisco Systems, Inc.
All rights reserved.
Hostname: vm
Version information of installed applications
---------------------------------------------
Cisco Prime Infrastructure
********************************************************
Version : 3.6.0 [FIPS not Enabled]
Build : 3.6.0.0.172
Critical Fixes:
PI 3.6 Update 03 ( 3.0.0 )
Device Support:
Prime Infrastructure 3.6 Device Pack 1 ( 1.0 )
vm/user# ncs status
Health Monitor Server is running. ( [Role] Primary [State] HA not Configured )
Database server is running
FTP Service is running
TFTP Service is running
Matlab Server is running
Matlab Server Instance 1 is running
Matlab Server Instance 2 is running
Matlab Server Instance 3 is running
NMS Server is running.
Coral Service is running.
WSA Service is running.
SAM Daemon is running ...
DA Daemon is running ...
Compliance engine is running
Any ideas why i stopped being able to login?
Thanks,
Ditter.
Solved! Go to Solution.
03-04-2020 05:28 AM
- Not immediately a 'brute force attack' could be searching in all files and looking for the string-data from the certificate (partially).
M.
03-01-2020 11:22 PM
- Verify current password policy by going to : Administration > Users > Users, Roles & AAA > Local Password Policy 2) Try a complicated password any may , to check if this is related to the certificate or not.
M.
03-02-2020 05:40 AM
Thanks Marce1000,
i am not able to login to the web interface, i tried through the cli to change the password to a complicated one but nothing changed.
03-02-2020 06:17 AM
- Yeah , I realized that this was a chicken and egg issue upon after I wrote my reply. If you can't revoke the certificate (e.g.) through the CLI, ypu may want to roll-back from a previous prime backup (before the cert was added) which is possible to restore via the CLI.
M.
03-04-2020 03:51 AM
Thank you,
i am trying to find out where is the CERT stored and i am using the following command:
ncs certvalidation trusted-ca-store listcacerts truststore ?
devicemgmt Trust store used for validating cert from managed devices
pubnet Trust store used for validating cert from public internet
system Trust store used for validating cert from other peer systems
user Trust store used for validating cert for user login
But all the certificates in these folders are irrelevant to the one i created in the PI through CLI.
Any ideas where it could be stored?
Thanks again,
Ditter
03-04-2020 05:28 AM
- Not immediately a 'brute force attack' could be searching in all files and looking for the string-data from the certificate (partially).
M.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide