09-05-2016 10:23 PM - edited 03-12-2019 06:07 AM
I have a 3D2000 sensor that I am able to login to admin using SSH just fine, but I am not able to authenticate via the GUI. I get the following message logging in via HTTPS... "Unable to authorize access. If you continue to have difficulty accessing this device, please contact the system administrator."
Can anyone help?
09-06-2016 09:26 AM
Hi,
Is this the first time you are trying to log in to the GUI? Did you make any certificate changes?
You can reset the password of the admin user and then try logging in again.
Follow this: http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118631-technote-firesight-00.html#anc1
Thanks,
Pujita
Rate if it helps!
09-06-2016 12:16 PM
Thanks Pujita for the reply. This is the first time this device is being used and I am trying to set it up for the first time. I am able to login to the admin account using SSH, but I am not able to via the GUI.
09-07-2016 04:45 AM
Hi,
Log in to the device over SSH, run "tailf /var/log/messages" and try to access the GUI; see if you get any errors regarding the same.
You might also try to restart the https service and see if that fixes the issue, by escalating the privilege to root: "sudo su" and then "pmtool restartbyid https".
Also refer : http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118631-technote-firesight-00.html
Regards,
Aastha Bhardwaj
Rate if that helps!!!
09-06-2016 10:23 PM
Hello Team,
What is the software version that you are trying now?
If it's version 6.0, then please navigate to "Update Management Center HTTPS Certificates to Version 6.0" in the following link.
http://www.cisco.com/c/en/us/td/docs/security/firepower/60/relnote/firepower-system-release-notes-version-600.html
If it's not version 6.0, then please verify the /var/log/messages in the log files by logging in via SSH to the device.
As a last step, you can try resetting the user.
http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118631-technote-firesight-00.html
Rate and mark correct if the post helps you
Regards
Jetsy
09-07-2016 03:09 PM
The software version is 4.7.0.4. Would like to upgrade to the latest version available for my appliance.
I was able to gain access to the GUI. Discovered that the SSH admin account is not the same as the GUI admin account.
Is it possible to reimage directly from the USB key supplied with the device without using SCP?
Thanks all for your help.
09-07-2016 06:13 PM
4.7.0.4 is very old, so I'm not sure there is still a lot of info around for this. I think the latest (and last) version that is supported on the 3D2000 is 5.2.x (which is EOL).
In any case if you can't log into the webui it might just be the password. You can try resetting the password for the account via the usertool.pl script:
# sudo usertool.pl -p 'admin Sourcefire'
This should set the admin user's password for the webui to Sourcefire. As long as usertool.pl exists on version 4.7 (I only know it has been around since at least 4.9).
If this doesn't fix it you can try resetting all users back to the default by running:
# sudo repair_users.pl -i
This will reset credentials to the defaults (I'm guessing admin/Sourcefire). This will also reset your ssh passwords to the defaults and this will remove any extra users that were ever created. Again, if this script even exists on 4.7.
To answer your question:
"Is it possible to reimage directly from the USB key supplied with the device without using SCP?"
You have to use the USB keyfob that came with the device to re-image it for this model and the re-image process requires the image file to be hosted on an SCP, FTP, or HTTP server. I would recommend you re-image the device to 5.2 if you have the image.
The process to re-image is almost the same as the procedure here:
However, on all of the newer models there is an internal USB keyfob, so in your case you need to plug in the USB keyfob, reboot and select it from the boot menu. It might not show up as "System_Restore"; it will probably be something else. After that the process is the same as it is in the above article.
Hope this helps!
09-07-2016 06:25 PM
I am able to log in to the GUI. I tried to update the software using the Update tool in the webui, but the updates available won't update code older than 5.2.
5.4 is available and I will try to update it by re-imaging it.
09-15-2017 11:47 AM
Hi Jetsy,
I lost access to the web interface after updating the FMC to Version 6.0, but I am able to access it via SSH.
I doubt it's the issue with "Update Management Center HTTPS Certificates before upgrade of Version 6.0".
Can I have the command line syntax to generate a new self-signed certificate to gain web access to the FMC?
Thanks
09-16-2017 05:28 AM
Have you confirmed that the appliance is running its web server?
If you have cli access you can check with "sudo netstat -a | grep 443"
09-16-2017 08:21 AM
Thanks Marvin for your response; the issue got resolved. Actually, the update on the FMC from 6.0 to 6.2 took longer than a usual update and was running in the backend. I tried to log in to the GUI again 1 hour after my post here, and it just worked.