cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3617
Views
0
Helpful
5
Replies

Prime will not let me log in through Web Interface after certificate install

Ditter
Level 4
Level 4

Hi to all,

 

just recently i updated my Prime with certificates. After that i am not able to log in again via the web account (root) !

 

Although the problem i believe is bind to the certificate change i also tried the following:

 

vm/nmsuser# ncs password root password test123

ERROR: Web interface 'root' password reset failed.
Passwords must meet the password policy requirements
set by the administrator.

 

Please note that i have changed the password policy in order to accept even not capital letters.

 

I also tried the following:

 

vm/user# ncs webroot disable
vm/user# ncs webroot enable
vm/user# ncs password root password test123

ERROR: Web interface 'root' password reset failed.
Passwords must meet the password policy requirements
set by the administrator.

 

vm/user# show version

Cisco Application Deployment Engine OS Release: 4.1
ADE-OS Build Version: 4.1.0.001
ADE-OS System Architecture: x86_64

Copyright (c) 2009-2019 by Cisco Systems, Inc.
All rights reserved.
Hostname: vm


Version information of installed applications
---------------------------------------------

Cisco Prime Infrastructure
********************************************************
Version : 3.6.0 [FIPS not Enabled]
Build : 3.6.0.0.172
Critical Fixes:
PI 3.6 Update 03 ( 3.0.0 )
Device Support:
Prime Infrastructure 3.6 Device Pack 1 ( 1.0 )

 

vm/user# ncs status
Health Monitor Server is running. ( [Role] Primary [State] HA not Configured )
Database server is running
FTP Service is running
TFTP Service is running
Matlab Server is running
Matlab Server Instance 1 is running
Matlab Server Instance 2 is running
Matlab Server Instance 3 is running
NMS Server is running.
Coral Service is running.
WSA Service is running.
SAM Daemon is running ...
DA Daemon is running ...
Compliance engine is running

Any ideas why i stopped being able to login?

 

Thanks,

 

Ditter.

 

1 Accepted Solution

Accepted Solutions

 

 - Not immediately a 'brute force attack' could be searching in all files and looking for the string-data from the certificate (partially).

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

5 Replies 5

marce1000
VIP
VIP

 

 - Verify current password policy by  going to :  Administration > Users > Users, Roles & AAA > Local Password Policy  2) Try a complicated password any may , to check if this is related to the certificate or not.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Thanks Marce1000,

i am not able to login to the web interface, i tried through the cli to change the password to a complicated one but nothing changed.

 

 

 

 - Yeah , I realized that this was a chicken and egg issue upon after I wrote my reply. If you can't revoke the certificate (e.g.) through the CLI, ypu may want to roll-back from a previous prime backup (before the cert was added) which is possible to restore via the CLI.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Thank you,

 

i am trying to find out where is the CERT stored and i am using the following command:

 

ncs certvalidation trusted-ca-store listcacerts truststore ?
devicemgmt Trust store used for validating cert from managed devices
pubnet Trust store used for validating cert from public internet
system Trust store used for validating cert from other peer systems
user Trust store used for validating cert for user login

 

But all the certificates in these folders are irrelevant to the one i created in the PI through CLI. 

 

Any ideas where it could be stored?

 

Thanks again,

Ditter

 

 - Not immediately a 'brute force attack' could be searching in all files and looking for the string-data from the certificate (partially).

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Review Cisco Networking for a $25 gift card