Thanks for responding.

I can't login at all from anywhere, I've even tried the syntax you sent earlier today, but didn't work for both types of accounts.

Do you have anyway to block your UCSM mgmt ports from reaching ldap servers?

See if your local logins work, if the ldap servers aren't reachable from the UCSM (may need to add some temp acls on your upstream mgmt switch the FI mgmt ports plug into.

I guess you could unplug your 1 Gb mgmt ports, while trying to do console test (this may trigger cluster lead failover).

You're at a point you may need to open a TAC case.

As you've indicated you can't login via console, I'm assuming you adjusted your default auth for the console as well... We don't recommend doing that, for the very reason you are experiencing....

Thanks,

Kirk...

I've tried disconnecting the cables and connect a laptop directly to it, but didn't even work, I've even tried rebooting the FI, but didn't help. I didn't knew that it's not recommended to change from local to LDAP, I was just trying to troubleshoot why LDAP isn't working in the first place.

Unfortunately we have no longer gave support contract for that product, is there any other method rather than destroying the fabric settings please?

If all else fails, follow this procedure to log back in:

Instead of following the standard password recovery procedure, only power cycle the subordinate fabric interconnect, break into loader prompt, load the kickstart image and change the password. You are not required to remove the L1-L2 cables.

• Step 1 Connect to the console port.

• Step 2 Power cycle the fabric interconnect: a) Turn off the power to the fabric interconnect. Cisco UCS Manager CLI Configuration Guide, Release 2.2 2 Recovering a Lost Password Determining the Leadership Role of a Fabric Interconnect b) Turn on the power to the fabric interconnect.

• Step 3 In the console, press one of the following key combinations as it boots to get the loader prompt: • Ctrl+l • Ctrl+Shift+r You may need to press the selected key combination multiple times before your screen displays the loader prompt.

• Step 4 Boot the kernel firmware version on the fabric interconnect. loader > boot /installables/switch/ kernel_firmware_version Example: loader > boot /installables/switch/ucs-6100-k9-kickstart.4.1.3.N2.1.0.11.gbin

• Step 5 Enter config terminal mode. Fabric(boot)# config terminal

• Step 6 Reset the admin password. Fabric(boot)(config)# admin-password password Choose a strong password that includes at least one capital letter and one number. The password cannot be blank. The new password displays in clear text mode.

• Step 7 Exit config terminal mode and return to the boot prompt.

• Step 8 Boot the system firmware version on the fabric interconnect. Fabric(boot)# load /installables/switch/ system_firmware_version Example: Fabric(boot)# load /installables/switch/ucs-6100-k9-system.4.1.3.N2.1.0.211.bin

Now when the subordinate boots up, log into it via CLI with your new password and create a user.

UCS-A# scope security
UCS-A /security # create local-user kikipopo
UCS-A /security/local-user* # set account-status active
UCS-A /security/local-user* # set password
Enter a password:
Confirm the password:
UCS-A /security/local-user* # commit-buffer
UCS-A /security/local-user # 

If required, assign an admin, operations, etc role to the new user.

UCS-A# scope security
UCS-A /security # scope local-user kikipopo
UCS-A /security/local-user # create role operations
UCS-A /security/local-user* # commit-buffer
UCS-A /security/local-user # 

**You can use this newly created user to login to UCSM via Virtual IP address and change the 'admin' user password that was lost. Once this is complete, the new password will sync to the subordinate.**

Ok, I've got my self a console cable, hocked it up, got connected, opened the loader very successfully, however, I couldn't figure out what is my kickstart image full name :((((

Pardon me, I am not so familiar with the device, how can I get the image name to be able to load it?

What version of UCSM are you running?

I have an update.

I ran "dir" to get the loaded image, booted it and followed your instructions and here's what happened:

1. I connected my self to FI-B (which is supposed to be the subordinate).
2. changed the "admin" password, rebooted FI and were able to login successfully.
3. created a new used and assigned the "admin" role to it.
4. connected a UTP cable to the management interface of FI-A (which is the primary node).
5. SSHed to it with the new user and i logged in very successfully.
6. got to my office to connect via the web interface, but failed to login with the new user (i am asked to choose a domain by the way, one of them is called "native").
7. failed to SSH to FI-A with neither admin nor the new user account.

Now what :)

UCSM version: 2.2(6d)

You need to follow the same process again and change the local admin password once you login to the GUI so it can sync as the new cluster password. This is only a workaround to retrieve a password and if the password is not changed for admin user, the cluster will re-sync and you lose access again.

Please mark helpful solutions.

**You can use this newly created user to login to UCSM via Virtual IP address and change the 'admin' user password that was lost. Once this is complete, the new password will sync to the subordinate.**

Thanks for supporting me,

I couldn't log into GUI using the new user, I've tried, it works only in CLI and for few minutes till the sync occur  and it never work again till I login to the serial console.

Anyway, I will keep trying and let you know.

You've saved my life. Thank you.

One final request please, I need a step-by-step PDF guide (if available in PDF) for the "How-To" configure auth with AD.

Thanks again.