Reset webadmin and root password sur un Sophos UTM 9

 

How to Reset Sophos UTM Passwords (WebAdmin, Root and Loginuser)

So you can’t login to the Sophos UTM WebAdmin interface anymore. It happens. Perhaps you’ve made a configuration change and locked yourself out, or perhaps you’ve just forgotten your password. I locked myself out a couple of times when playing around with the new 2 Factor Authentication feature in the Sophos UTM 9.2 Beta.  Don’t worry, here’s the steps to reset your password.

You’ll first need a direct console into Sophos UTM. For hardware appliances, plug in a monitor and keyboard, or for Virtual Appliances open up your virtualization system’s management console for the Virtual Machine.

Sophos UTM Console 

Once you have a console open, try to login as the root user.

Sophos UTM Root Login Incorrect 

Yep, locked out alright! So lets go ahead and reset the root user password. Then we can go about resetting the password for the WebAdmin user as well.  If you can login as root, jump to Resetting the Web Admin Password below.

Reset Sophos UTMs Root User Password

To reset the root password:

  1. Ensure you have a monitor and a keyboard connected to the Sophos UTM and restart the UTM.
  2. Press the ESC key as the Sophos UTM starts to boot. You’ll soon see the GNU GRUB screen:
    Sophos UTM GNU GRUB Loader
  3. Ensure the current Sophos UTM version is highlighted (should be the top option).  Do NOT select the ones that say ‘previous’ or ‘rescue’.
  4. Press the ‘e‘ key (don’t press Enter!).
  5. Use the arrow keys to highlight the second option that starts with the word ‘kernel‘:
    Sophos UTM Kernel Boot Option
  6. Again, press the ‘e‘ key on the keyboard
  7. The cursor should be at the end of a string of text. Add this to the end:
    init=/bin/bash

    Sophos UTM init=/bin/bash

  8. Press Enter to return to the previous screen, then press the ‘b‘ key on the keyboard to reboot the Sophos UTM.
  9. Once the UTM boots, the cursor will be at a command promptSophos UTM Command Prompt
  10. Now we finally get to reset the password. Type: passwd loginuser
  11. Enter and re-enter a new password for the ‘loginuser’ account.
  12. Type: passwd root
  13. Enter and re-enter a new password for the root account.
    Sophos UTM Resetting the Root Password
  14. Press Ctrl+Alt+Del to reboot the Sophos UTM.

You have now reset both the loginuser and root passwords. Once the UTM has rebooted, check that the root password works by logging in as the root user.

Sophos UTM Successful Root Login

Reset Sophos UTM WebAdmin Password

Now we have regained access to the root user login, we can reset the WebAdmin password.

  1. Ensure you are still logged in as root as per the last step above.
  2. Type cc at the prompt. This will take you to another prompt starting with 127.0.0.1 MAIN >
    Sophos UTM CC Command
  3. Type RAW. This will switch you to RAW mode.
    Sophos UTM RAW Mode
  4. Type system_password_reset
    Sophos UTM system_password_reset
  5. Browse to the WebAdmin Interface. You will notice it is now asking you to set the password.
    Sophos UTM WebAdmin Password Reset
  6. Enter your new password into each box and hit Apply. You’ll then be directed to the usual WebAdmin login page
    Sophos UTM WebAdmin Login Page
  7. Enter your shiny new credentials, and if everything went to plan, you should be logged in!

source : Fastvue Sophos Reporter

Active Directory authentication fails when vCenter Single Sign-On 5.5 runs on Windows Server 2012 and the AD Domain Controller is also on Windows Server 2012 (2060901)

Symptoms

  • Users cannot authenticate with a vCenter Single Sign-On (SSO) 5.5 system that is installed on Windows Server 2012 when this system is joined to an Active Directory domain controller also running on Windows Server 2012.
  • Users receive this error message when trying to log in through the vSphere Web Client:

    Cannot Parse Group Information

  • This issue occurs only in environments where BOTH of these conditions apply:
    • vCenter SSO 5.5 is running on Windows Server 2012, and
    • vCenter SSO 5.5 joined an Active Directory Domain with a Domain Controller that is running on Windows Server 2012.
  • This article does not apply if:
    • The vCenter SSO 5.5 machine is running on Windows Server 2008 or Windows Server 2008 R2 joined to any supported Active Directory Domain version.
    • The vCenter SSO 5.5 machine is running on Windows Server 2012 and the Active Directory domain is running on Windows Server 2008 (and R2).
    • The vCenter SSO 5.5 machine is installed as the vCenter Server Appliance joined to any supported Active Directory Domain version.
    • You are running vCenter SSO versions earlier than 5.5.

Resolution

This issue is resolved in vCenter Server 5.5.0a, available at VMware Downloads. For more information, see the VMware vCenter Server 5.5.0a Release Notes.

To work around this issue on vSphere 5.5 GA (Build Number 1312298), replace the %WINDIR%\System32\idm.dll file on all systems running vCenter SSO 5.5 with the idm.dll file attached to this KB article.

Note: The attached idm.dll file is provided by VMware. It is tested and verified by VMware engineering. If you experience issues after replacing the dll file, contact VMware Technical Support.

To replace the idm.dll file on the Windows Server 2012 running SSO 5.5:

  1. Ensure that you are logged in as an administrator
  2. Stop the VMware Identity Management Service on the vCenter SSO server. For more information, see Stopping, starting, or restarting vCenter services (1003895).

    Note: This step also stops the VMware Secure Token Service.

  3. Back up the existing idm.dll by copying %WINDIR%\System32\idm.dll to %WINDIR%\System32\idm.dll.orig.
  4. Download the idm_patch09252013.zip attached to this article. It contains the replacement idm.dll.
  5. Run md5 checksum on the downloaded idm_patch09252013.zip. The md5 checksum should match the MD5 checksum in the note below.
  6. Decompress the zip file to a temporary location then copy the idm.dll to %WINDIR%\System32\.
  7. Confirm that you have both new (idm.dll) and old (idm.dll.orig) in the %WINDIR%\System32\ Directory.
  8. Start the VMware Secure Token Service on the vCenter SSO server. For more information, see Stopping, starting, or restarting vCenter services (1003895).x

    Note: This step also starts the VMware Identity Management Service.

After replacing the dll and restarting services, the initial AD login may take longer than normal to authenticate.
source : KB Vmware
vmware_vsphere

VMware vSphere web client – Error 1053: The service did not respond to the start or control request in a timely fashion

Was unable to start the VMware vSphere Web Client after upgrading from 5.1 to 5.5 (it’s same after restore a vcenter 5.5)

Noticed that the VMware Vsphere web client service wasn’t started.
Tried manually via Services.msc got the following error;
Windows could not start the VMware Vsphere web client service on local computer.
Error 1053: The service did not respond to the start or control request in a timely fashion.

Explanation

I realized that the folders in the new version installation had changed and for that reason paths should be changed also.

Resolution

Check your Registry value for hkey_local_machine\system\currentcontrolset\services\vspherewebclientsvc:

“C:\Program Files\VMware\Infrastructure\vSphereWebClient\server\bin\service\bin\wrapper.exe” -s “C:\Program Files\VMware\Infrastructure\vSphereWebClient\server\bin\service\conf\wrapper.conf” set.default.SERVER_HOME=C:\Program Files\VMware\Infrastructure\vSphereWebClient\server set.default.JMX_PORT=9875

Look at these value and confirm that the WRAPPER file is located and accessible on the path mentioned above.

Always backup your registry before making changes.

For me I had to change the port (see below) for it to work, for others I have seen it is due to the path being incorrect or inaccessible. (with quote because Program Files have a space in name)

“C:\Program Files\VMware\Infrastructure\vSphereWebClient\server\bin\service\bin\wrapper.exe” -s “C:\Program Files\VMware\Infrastructure\vSphereWebClient\server\bin\service\conf\wrapper.conf” set.default.SERVER_HOME= »C:\Program Files\VMware\Infrastructure\vSphereWebClient\server » set.default.JMX_PORT=9877

Restart the server.

source :https://payze.wordpress.com

 

vmware_vsphere

Facebook Auto Publish Powered By : XYZScripts.com