Unable to change password on vManage after attached template - 20.12.5

luisca12_
Level 1

Hello community,

So I ran into this problem where I have my default admin password and never changed it. On the GUI I always had a warning about using the default password. I tried to change it before but for some reason, I couldn't, so I just ignored it.

I attached my vManage to a template, and then got a message requesting me to reset my password:

Error message: User operation not allowed in vManage mode. Verify device attachments for all nodes in the cluster. While in vmanage-mode, password can be changed only through device template.

Manager version: 20.12.5

So I disconnected the VPN0 circuit, and I can make any change on CLI for now. I tried to change the password on CLI for admin user, tried to add a new user, and even tried using APIs, but every time it would redirect to https://<managerIP>/passwordReset.html

I think I need to rebuild my vManage node, but please let me know if there's anything else I can do or any advice to avoid this issue in the future.

2 Replies

Hello.

Can you log in to vManage with the admin account?

If yes, try:

- Detach device templates from vManages.

- Navigate to Administration > Manage users > Edit and change the password.

I recommend that you go to Administration > Manage users to add, edit, and delete users.

You don't have to attach a device template to vManage.

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/system-interface/vedge-20-x/systems-interfaces-book/user-access-authentication.html#c-Manage_Users-12274

Avoid this issue and enjoy SD-WAN!

Please mark this as a solution if this is helpful.

wajidhassan
Level 4

It looks like you’re dealing with a situation where the password reset is being enforced by vManage’s configuration mode (vManage Mode), which is typically used in template-based configurations. In vManage Mode, the password change is restricted, and you can only make changes through the device template. When your vManage is in this mode, direct changes to the password or adding new users through the CLI are often blocked, as you've experienced.

Here's a structured approach to resolve the issue and prevent this from happening in the future:

Steps to Resolve the Issue:
1. Try Resetting the Password through the Device Template
Since you are getting the message that the password can only be changed via the template, you can follow these steps to reset the password via the template:

Navigate to the vManage GUI and log in with your admin credentials (even though it's the default password).

Go to the Configuration section.

Under Templates, you should see your Device Template.

Edit the Device Template associated with your vManage instance. Look for the System Configuration or Device Settings.

Change the password field in the template for the admin user.

Apply the template again to your vManage instance, and it should push the password update successfully.

This method works because in vManage Mode, the device is locked into configuration via templates, so changes must be applied in the template and then propagated to the device.

2. Rebuild vManage if the Above Method Fails
If the template-based password reset does not resolve the issue or you're unable to access the GUI for any reason, then rebuilding the vManage node would be the next step.

Backup your vManage Configuration (if possible) using vManage backup commands.

Rebuild your vManage instance by reinstalling the software and restoring the configuration. You may need to reinstall the vManage software from scratch and reconfigure it.

You should avoid rebuilding unless absolutely necessary, as this will require reattaching all your devices, resetting the configuration, and re-applying templates.

3. Access vManage Using Local Admin Account (CLI or GUI)
If you have SSH access to the CLI, try using the following steps:

SSH into the vManage CLI with your default admin credentials.

Try the following commands to reset or add a new user. However, if vManage is in vManage Mode, you may be blocked from these commands:

    request user admin password-reset

If it redirects to the password reset page, that's because the changes are not allowed in vManage Mode unless applied through templates.

4. Ensure the vManage is Not in “vManage Mode” When Modifying Credentials
To avoid this situation in the future, you might want to ensure that vManage Mode isn’t locked down for system management:

Disable vManage Mode (only if appropriate for your environment), if possible, by switching to Operational Mode or using a mode that allows local management of configurations.

    system mode operational

However, keep in mind that disabling vManage Mode may impact certain configuration flows (for example, template-based configuration management in a multi-device setup).

Preventive Measures for the Future:
To prevent this from happening again, here are a few best practices:

Change the Default Admin Password Immediately: As per your initial comment, you still have the default admin password. It is very important to change this password for security reasons, especially once you've successfully reset it.

You can do this directly in the GUI (once you have access) or through the CLI when the system is in operational mode.

Backup Configurations Regularly: Ensure that you regularly back up your vManage configuration, including your templates and device settings. This helps you recover quickly in case of issues like the one you're experiencing.

Enable Logging and Monitoring: Set up alerts for any system changes, especially for password and user-related modifications. Use monitoring tools to track vManage status and ensure that there are no unexpected errors or lockouts.

Control User Access: Make sure that user roles and permissions are configured properly so that only authorized users can make changes to the system, especially when it comes to critical configurations like user management and passwords.

Use Secure Authentication Methods: Enable two-factor authentication (2FA) for an additional layer of security and ensure that the default admin account is not used for daily operations.

Summary:
Reset the password using the Device Template associated with the vManage.

If the template method fails, consider rebuilding vManage and restoring from a backup.

Avoid vManage Mode for more direct control over configurations in the future.

Backup configurations regularly, change default passwords immediately, and apply strict access control to prevent issues like this going forward.