cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
configure & troubleshoot anyconnect

ACS 5.x: CLI Password Recovery Procedure

44484
Views
5
Helpful
6
Comments

 

Introduction

 

This document describes how to recover lost command line administrator credentials on the Access Control System 5.x (ACS 5.x). The procedure illustrated in this document is based on Cisco ACS 5.3.

 

Requirements

 

Readers of this document should be aware of these conditions.

  • Before you begin the procedure, ensure that you have a successful serial console or keyboard/monitor connection to the ACS 5.x. The baud rate used is 9600 on the serial connection. 
  • You must have the ACS 5.x Recovery DVD in order to perform this procedure. In order to obtain a recovery DVD, you need to contact Cisco TAC.

 

Step-by-Step Procedure

 

Complete these steps to reset the CLI administrator account.

 

   1. Insert the ACS 5.x Recovery DVD into the DVD drive of ACS.

 

   2. Reboot the ACS 5.x.

 

     The console displays:

 

Welcome to Cisco Secure ACS 5.1 Recovery - CSACS 1121

 

To boot from hard disk press <Enter>

 

Available boot options:

[1] Cisco Secure ACS 5.1 Installation (Keyboard/Monitor)

[2] Cisco Secure ACS 5.1 Installation (Serial Console)

[3] Reset Administrator Password (Keyboard/Monitor)

[4] Reset Administrator Password (Serial Console)

 

<Enter> Boot from hard disk

 

Please enter boot option and press <Enter>.

 

boot:

 

   3. To reset the administrator password, at the system prompt, enter 3 if you are using a keyboard and video monitor, or enter 4 if you are using a serial console port.

 

   4. The console displays the name of all the administrators configured on the ACS 5.x

 

Admin username:

 

[1]:david

 

[2]:john 

 

Enter number of admin for password recovery:

 

   5. Enter the number against the adminstrator username of which you want to reset the password. For the user "david", enter 1 at the prompt.

 

   6. Enter the new password for the administrator account and verify it. Enter Y to save the new password.

 

Password:

 

Verify password:

 

Save change&reeboot? [Y/N]:

 

   7. Now, remove the ACS 5.x Recovery DVD and reboot the ACS.

 

Related Information

 

You can refer to the Installation and Upgrade Guide for the Cisco Secure Access Control System 5.3 for more information on this subject.

Comments
Beginner

I already dit the following step, but why i cannot login with recovered password ??

Beginner

Ran into the same issue today. Did you ever get in or did you end up rebuilding?

Cisco Employee

Hi James,

What is the ACS versions you are using ?

Thanks

VenkataKrishna

Beginner

5.8.0.32

I've tried using the ACS 5.8.0.32 ISO and the Recovery.iso that TAC provided.
I have the same result on all three SNS-3415s  (two production, one lab).

The menus all work, it displays the appropriate administrator accounts, it prompts for a new password and verification and prompts to save.
I then select (q) to reboot and find myself with the same password I had before attempting the recovery.

I was hoping that afdhalalhabsy had found a solution.
I'll start my own thread and solicit advice from the group.

Cisco Employee

Hi James,

We have bug(CSCuy45998) for it .Please install patch4 and try for it .

Thanks

VenkataKrishna

Please rate helpful posts and mark correct answers.

Hi good article,

 

But, the recovery password makes the config of tacacs get lost too?