09-16-2005 12:49 PM - edited 03-13-2019 10:32 AM
I just installed a subscriber, but I could not access user information from CCM admin, and could not access DC Directory administration, the password for "Directory Manager" is not the default, not the cluster (on publisher). But when I looked at the encrypted 'MGRPW' in registry, which is exactly the same as in publisher.
I tried to reinstall CCM/DC Directory, but the result was still the same. What could go wrong?
Wei
MTS Allstream
Solved! Go to Solution.
09-19-2005 12:40 PM
ok, thx for the clarification. I am more concerned as to why the DC Directory is not working since it seems that the installer is able to get the MGRPW from the registry on the pub. The integratedSetup.trc will hopefully show us whether the installation was successful or not.
In my previous post I wanted you to change the authenticaion method to none when logging into DCD Administrator. This will allow you to login without a password but not be able to do anything. You will get a message, just click ok. You should then see cisco.com in the right pane. If you don't see cisco.com then I would suspect an issue with the DCD installation. You won't be able to do anything with cisco.com.
I am trying to make sure the DC Directory is getting installed and if it is that it is a complete installation. Since you have tried this twice I would recommned opening a TAC case, provide the integratedSetup.trc, all of the log files in c:\dcdsrvr\log and remote access to the server. If the problem is simply the password in DCD then a TAC engineer will need access to fix it.
Kevin
09-19-2005 04:38 AM
When you try opening DC Directory Administration from the subscriber - are you not able to log in or are you able to log in but do not see any data?
You can use the CCMPwdChanger tool to reset the Directory Manager password:
But that might not be the issue. If name resolution is not working then you will have DC Direcotry issues. Make sure you have both the hosts and lmhosts files populated, on all CCM servers in the cluster including the new server, before you install CCM on the subscriber. This will insure proper installation of DCD on the subscriber and that replication will work.
Kevin
09-19-2005 05:36 AM
No, I could not even log into DC directory. the CCMPwdChanger could work only if I know the old password, unfortunitely I don't.
By the way, all hosts, lmhosts are correct in CCM cluster.
And 'MGRPW' in registry doesn't match with the true DC admin password, so I could not access user Direcotry from CCM admin.
09-19-2005 05:48 AM
The MGRPW in the registry is encrypted. You can use the following command, forom a cmd prompt, to see if the encrypted password matches what you beleive the Directory Manager PW to be:
passwordutils.exe password
More info can be found here regarding this command:
Are you able to log into the DC Directory Administration tool on the Publisher?
And, does the MGRPW on the pub match the results of passwordutils.exe?
Kevin
09-19-2005 06:21 AM
Yes, I did that, the password in "MGRPW" is the same as the one on publisher, and I can use that password to log on DC on publisher without problem. As I said before, this password doesn't match to the true password of DC Directory Manager of subscriber.
09-19-2005 06:48 AM
What version of CCM?
In DC Directory Administrator try setting the Ath Level to none. Do you see cisco.com in the right side pane?
You can also look at the DCD install logs:
C:\Program Files\Common Files\Cisco\Directory\IntegratedSetup.trc
Does you DCD MGR password have any special characters in it?
Kevin
09-19-2005 10:48 AM
It is CCM 4.02a.
As I said, I could not access DC Administration.
integratedSetup.trc doesn't show any clues on what is password for DC. The encrypted 'MGRPW' is the same as the one in publisher. MGR password is Alpha-numeric, no special character.
09-19-2005 12:40 PM
ok, thx for the clarification. I am more concerned as to why the DC Directory is not working since it seems that the installer is able to get the MGRPW from the registry on the pub. The integratedSetup.trc will hopefully show us whether the installation was successful or not.
In my previous post I wanted you to change the authenticaion method to none when logging into DCD Administrator. This will allow you to login without a password but not be able to do anything. You will get a message, just click ok. You should then see cisco.com in the right pane. If you don't see cisco.com then I would suspect an issue with the DCD installation. You won't be able to do anything with cisco.com.
I am trying to make sure the DC Directory is getting installed and if it is that it is a complete installation. Since you have tried this twice I would recommned opening a TAC case, provide the integratedSetup.trc, all of the log files in c:\dcdsrvr\log and remote access to the server. If the problem is simply the password in DCD then a TAC engineer will need access to fix it.
Kevin
09-19-2005 01:22 PM
That works, I accessed without password and saw cisco.com. And changed the directory manager's password, so I could log in "simple' anthentication mode now, but there is no data in there. Is any procedure to sync with publisher DCD?
09-19-2005 01:03 PM
Can you please go thru the following complete procedure and let me know the results.. I know you have done some of this before..
Reset the DCD admin password. Once the DCD admin password is reset, the corresponding encrypted password need to be generated and the registry and ini file(s) need to be updated.
The tool "C:\dcdsrvr\bin\PasswordUtils" can be used to generate the encrypted password. The following registry values, under HKLM\SOFTWARE\Cisco
Systems,Inc.\DirectoryConfiguration, should be updated.
1. DCDMGRPW 2. MGRPW
Also, the value of passwd in C:\dcdsrvr\DirectoryConfiguration.ini need to
be updated.
For CM 4.0 and later, the password need to be updated in
C:\dcdsrvr\Config\UMDirectoryConfiguration.ini also.
For this, run the command "UMEncryptText" from command prompt.
It will generate a file "out.txt" at the folder from which the command was run. Open the "out.txt" and copy the contents after "Text=". This is the
encrypted password.
Now, open the file, C:\dcdsrvr\Config\UMDirectoryConfiguration.ini, using Notepad (do not use any other text editor).
Update the CiscoldapPWd and UserLdapPwd values and save the file.
Finally, restart the IIS Admin service so that the password changes are
reflected when you access the CCM Admin\CCM user pages.
Thanks!
12-11-2013 02:14 AM
You can bruteforce your DC Directory Admin password using c:\dcdsrvr\bin\PasswordUtils.cmd on your CCM Pub:
1. Open regedit on CCM Pub HKLM\SOFTWARE\Cisco Systems, Inc.\Directory Configuration\
2. Find key MGRPW - it's your password, but encrypted. For example: 0e01100d26151201
3. Make it look like 0e-01-10-0d-26-15-12-01 for simplier view.
4. Run "PasswordUtils a". You see "Encrypted Password: 0e. So the first letter of the password is"a"
5. Run "PasswordUtils aa". You see 0e02. It doesn't match.
6. Run "PasswordUtils ab". You see 0e01. It DOES match. So the second letter of the password is"b"
7. Run "PasswordUtils aba". You see 0e0112. It doesn't match.
8. Run "PasswordUtils abb". You see 0e0111. It doesn't match.
9. Run "PasswordUtils abc". You see 0e0110. It DOES match. So the third letter of the password is"c"
10. Run "PasswordUtils abca". You see 0e011008. It doesn't match.
Continue to brute until recover all letters or digits.
Tested on CCM 4.1
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide