Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1266
Views
15
Helpful
7
Replies

Unable to get access to the default user admin on a Firepower module

swscco001
Level 3
Level 3

‎02-12-2023 11:48 PM

Hello everybody,

our customer has a ASA5516 running rel. 9.16(3)23 with Firepower module rel. 7.0.2-88.

Unfortunately he don't have the password for the default user admin anymore.

I took my credentials on the module and tried to regenerate the admin user.

The default password gives no access and so I have tried the following on the module:

1. I cannot change the password for user admin because it want to know the
current (unknown) password:

> configure user password admin
Enter current password:                     ???


2. I tried the option forcereset but it was without any effect:

> configure user forcereset admin


3. I tried to delete the user admin to be able to recreate it thereafter:

> configure user delete admin
Unable to delete admin user.


Because I had no success I tried the following command on the ASA but
it was rejected:

asa1-1/stby# session sfr do password-reset
Invalid do command password-reset


Is there any other possibility to get access to the default user admin on
the Firepower module again?

Every hint is welcome.

Thanks a lot!

 


Bye
R.

0 Helpful
7 Replies 7

balaji.bandi
Hall of Fame
Hall of Fame

‎02-13-2023 12:05 AM

You need to run the command in ACTIVE Firewall (not on asa1-1/stby# )

session {1 | sfr} do password-reset  (Use 1 for a hardware module, sfr for a software module.)

Login into ASA CLI, enter: session sfr do password-reset

next: session sfr console

Login in with admin/Admin123

In sfr console enter: configure

next: password

Change password to a new one.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

swscco001
Level 3
Level 3
In response to balaji.bandi

‎02-20-2023 12:37 AM

Hi Balaji,

sorry for the delay but I was sick out.

I tried the pssword reset from the active ASA but it did not work:

asa1-1/act# session sfr do password-reset
Invalid do command password-reset

Is there still another option that we can try?

Thanks a lot!

 

Bye
R.

0 Helpful

Sheraz.Salim
VIP Alumni
VIP Alumni
In response to swscco001

‎02-20-2023 01:25 AM

You cannot create a admin name without password as you already came across. The command session sfr do password-reset does not work either. only option you have if this Sensor is managed by FMC in that case you have to uninstall the sensor on the ASA and have to rebuild. once the sensor is rebuild set the username and password then re-add this to FMC, the FMC will push all the policies and all the setting to IPS module.

please do not forget to rate.

balaji.bandi
Hall of Fame
Hall of Fame
In response to swscco001

‎02-20-2023 01:38 AM

no worries, Hope you feel better now.

can you post show version (full) show modules (full), show failover

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Sheraz.Salim
VIP Alumni
VIP Alumni
In response to balaji.bandi

‎02-20-2023 01:59 AM

@balaji.bandi  9.16(3)23 with Firepower module rel. 7.0.2

please do not forget to rate.
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Sheraz.Salim

‎02-20-2023 07:26 AM

cheers  i missed that info OP provided in the first post.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card