08-16-2011 06:52 AM - edited 03-21-2019 04:31 AM
Hello!
Help me please to clear admin password on SPA 303
For now I can't to configure the phone because admin password defined
Factory reset also impossible to do....
How to perform factory reset without admin password? by some keys press or other procedure?
FW version 7.4.5
HW ver 1.0.0
08-31-2011 10:36 AM
There is no factory reset avail without that admin pw.
What you can do is, run a wireshark trace when the phone is restarted. If the phone is trying to hit the provisioning server for its resync, you can find out what file the phone is trying to pull. Then modify that file on the provisioning server and change or blank out the admin password. When the phone has completed downloading that file, the admin password will have been changed.
09-30-2011 12:13 AM
Thank you for answer.
I tried to do it but unsuccessful
When SPA303 coming up after reset it takes configuration ("hostname".cnf.xml) file from TFTP
I put renamed to "hostname" template configuration file on TFTP there is admin passwd is empty
Phone download this file but do nothing after
Maybe something wrong in file?
Can you give me sample of xml file?
SW version of SPA303 is 7.4.5
09-30-2011 09:01 AM
The following link shows an example which contains the Admin_Passwd in xml file.
10-06-2011 03:05 AM
Thank you!
Good description.
I did it step by step but there is some trouble
SPC have no version 7.4.5. It start from 7.4.6
I prepared xml manualy like below:
After I put this file on TFTP and capture TCP traffic for look what happens
I saw that phone download this file from TFTP and do nothing after
When I trying to perform Factory reset via phone MENU ADMIN password required again
10-06-2011 09:15 AM
The filename for "hostname".cnf.xml is for the spcp setup.
The default filename that it looks for the sip setup is spa$PSN.cfg, in this case it should be spa303.cfg. Do you see that in the trace? If so, rename the file to spa303.cfg and see if that works.
10-06-2011 11:10 PM
Dear nseto, I see only "hostname".cnf.xml
10-07-2011 07:20 AM
Hi Alexander,
As an addition to what Nelson said, the phone, in SIP-mode looks for /spa$PSN.cfg
Take note that there is a forward slash "/" meaning the root of the server offering the /spa303.cfg file.
You must have a DHCP server on the network that will respond to the phone when the phone sends out a DHCP DISCOVER. The DHCP server must supply OPTION 66 [or 150, 159, or 160] which points to the server. [TFTP to keep things simple]
When the phone receives a DHCP offer that contains an OPTION 66, the phone knows that it can get its provisioning file/s from a server and will then send out a request.
As Nelson said, a factory-fresh phone will look for /spa303.cfg
A phone that may have been previously provisioned will look for whatever file it has been previously configured to look for. This is why you would run a Wireshark trace to monitor the phone's requests during boot up. [It will not request SIP-based configuration files if no DHCP OPTION 66 [or 150, 159, or 160] with a valid IP address are received.
This may help you better understand the phone's boot process:
Regards,
Patrick
----------
Use this reference document to locate SPA phone resources
10-10-2011 05:03 AM
Dear Patrick,
Thank you for detailed information how it should to boot up
But in my case phone (SPA303) doesn't like to do it
In DHCP discover he asking TFTP name/address - options 66 & 150
DHCP server sent him correct TFTP name (my PC addr there is TFTP server activated)
but SPA303 asking TFTP on my router's address in the LAN
OK., I activated TFTP server on our router and put config file there
SPA303 asking the file and download it but admin password doesn't clear.
05-16-2016 04:41 AM
Hi Patrick,
I read your writing to the SPA5x phones.
There are many things I learned excellent writing.
Unfortunately not helped to solve the admin password problem.
How to open pass locked, forgot admin pass SPA502G and 504G phones?
The phone asks for and receives an IP address.
But do not try to download anything.For example spa504G.cfg.
I'm looking at the phone's IP traffic, but there does not seem to ask for the phone trying to file.
Please help me.
Thank you
Tony
05-16-2016 06:20 AM
Phone my be configured not to load a remote configuration. In such case you can't reconfigure it this way. Unfortunately, if "reset to factory defaults" is password protected and phone load no remote configuration you are out of luck.
Brute force is your only chance.
05-16-2016 07:24 AM
Ok Dan,
Thanks. What is the brute force procedure?
If you do not want to write, you write your privat address.
antal.vincz(at)gmail(dot)com
Tony
05-16-2016 07:33 AM
"Brute force" method is "try all possible passwords one by one". You need to create script that will try to login to real phone.
It may take very long time. Even many years. So you may consider it no solution for you.
If you have just few phones, forgot them and buy new one. If you have many phones, call your previous administrator and offer them a money if he will disclose the password he configured.
So sorry for those bad news ...
05-16-2016 09:24 AM
That's not an option.
I do not think so throroughly Cisco users.
Even if the small business category.
05-16-2016 01:44 PM
The device can be configured and locked the way preventing unauthorized user to use it. I consider it valuable feature, not bug.
The phone administrator decided to configure the lock of such kind and it's decision is just honored. No way the unauthorized person can override the decision.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide