
Unauthorized Access to FMC Web GUI but FMC Cli working fine

SuMyatLwin0903
Level 1

I disabled the admin role in the FMC System > Users tab to reproduce the same error that happened at my customer's site.

Then I always get the same error message "Unable to authorize access. etc" when I log in to the FMC GUI.

unauthorized_access.png

To solve this, I used usertool.pl to reset the admin user and set a new password for admin. But it didn't work.

#usertool.pl -p 'admin my-password'

 

Help me solve this.

 


nspasov
Cisco Employee

Hi there-

If you provide me with the info below I can test this on my end and try to provide feedback:

1. Detailed steps from start to finish 

2. The exact use case that is being tested here and the reasons behind it. 

Thank you for rating helpful posts!

Hi nspasov,
Use case
I found "Unable to authorize access, etc" when I log in to the FMC GUI at my customer's site, even though the FMC CLI console is working well. They said they accidentally disabled the admin user role in the FMC System > Users tab. I did the same to test the same issue in my lab.
Steps I used
- Disable the admin user role in the FMC System > Users tab. I use FMC version 6.5.
- I rebooted the FMC from the CLI.
- I used eo_tool according to the following community support thread.
https://community.cisco.com/t5/firewalls/unable-to-authorize-access-fmc/td-p/3882293
- It didn't work. Then I used usertool.pl to reset the admin password and set a new password. It also didn't work.
- I still get the same error "Unable to authorize access" when I log in to the FMC Web GUI.

Apologies for the delayed reply as it took a bit of time to track this down. Please try this:

1. Use the eo_tool to re-enable the admin role (Steps provided from the other thread). However, make sure that you "save" the changes before exiting the eo_tool:

?UserRole> save

After you save, go back and edit the file and confirm that the changes were saved and the admin role is re-enabled.

2. After the admin role is re-enabled, you will need to update some data and permissions. For this you can use a Perl script. E.g.:

#!/usr/bin/perl

use FlyLoader;
use Data::Dumper;

my $uuid = "bee2eb18-e129-11df-a04a-42c66f0a3b36";

warn "Refreshing All User Permissions...";
SF::Permission::refreshAllUserPermissions();

warn "Updating Policies With User Role...";
SF::AuthConfigObject::updatePoliciesWithUserRole($uuid);

warn "CSM notifyRoleEO...";
SF::CSMAgent::notifyRoleEO($uuid,'update');

3. After you run the script, restart mojo:

pmtool restartbyid mojo

4. Reboot the FMC

5. You should be able to log in to your UI

I hope this helps!

Thank you for rating helpful posts!

 

I also encountered this problem. How did you solve it? Thank you.