Wireless Access

I have logged in as password and tried to change the admin password but get the error:

Non-Compliant to Mgmt Passwrod Policy

Internal error occurred, Password validation failed

I've tried to reset the password by guessing comblinations of uppercase/lowercase/special characters/numbers but have had no success.

Does anyone have a suggestion of what else I might try?

You can reset the password by consoling into the controller and following these steps:

User: password
Password: forgetme!
(aruba) >enable
Password: enable
(aruba) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(aruba) (config) #mgmt-user admin root
Password:
Retype password:
(aruba) (config) #exit
(aruba) #exit
(aruba) >exit


User: admin
Password:
(aruba) >enable
Password: enable
(aruba) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(aruba) (config) #enable secret
Password:
Re-Type password:
(aruba) (config) #write memory

Clembo,

I think OP tried that. If there's a password policy set, he must match it to set a new password.

I found a few other threads with the same experience, but none of them had an answer.

One did imply that he'd have to wipe the configuration.

Anyone know how to change or circumvent the policy?

Thanks Matthew, I see that now.

Try and run the following from the console:

User: password
Password: forgetme!
(aruba) >enable
Password: enable
(aruba) #show running-config | begin password-policy

This may show you the current password-policy for the mgmt users.   If so, try the procedure from ealier with the proper values.

I get the message:

You do not have permission to execute this show command.

Does this mean I need to wipe the configuration, if so how would I do that?

You will first have to reset the password for admin when you use 'password'forgetme!', the ONLY command you are allowed to run is the 

conf t

mgmt-user admin root

<resetpassword>

Then log out and back in with Admin and your new password (enable resets to 'enable') and then you can run whatever commands you want.

I came across this recently after I restored a customers configuration onto a lab controller.

I didn't know their admin password so went through the password recovery feature.  After that I couldn't reset the admin password due to password-policy.

The solution for me was to create a new mgmt-user and log in with that account.  You should then be able to view the config and password-policy.

User: password
Password: forgetme!
(aruba) >enable
Password: enable
(aruba) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(aruba) (config) #mgmt-user anotheruser root
Password:
Retype password:
(aruba) (config) #exit
(aruba) #exit
(aruba) >exit

When I try to reset the admin password it fails, because of a password policy:
User: password
Password: forgetme!
(aruba) >enable
Password: enable
(aruba) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(aruba) (config) #mgmt-user admin root
Password:
Retype password:
(aruba) (config) #exit
(aruba) #exit
(aruba) >exit

Non-Compliant to Mgmt Passwrod Policy
Internal error occurred, Password validation failed

When I try to create a new users, if fails, because of a password policy:
User: password
Password: forgetme!
(aruba) >enable
Password: enable
(aruba) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(aruba) (config) #mgmt-user anotheruser root
Password:
Retype password:
(aruba) (config) #exit
(aruba) #exit
(aruba) >exit

Non-Compliant to Mgmt Passwrod Policy
Internal error occurred, Password validation failed

When I try to see the password policy, it fails because I don't have permissions to run the command:
User: password
Password: forgetme!
(aruba) >enable
Password: enable
(aruba) #show running-config | begin password-policy

You do not have permissions to execute this show command

do you have a flashbackup from this controller?

Are you trying to use an absurdly complex password? something like:

!QAZ2wsx#EDC4rfv1234QWERasdfZXCV

If that won't work, I'm not sure what your options are short of re-imaging the controller. But using an absurdly long complex password won't work, and without knowing the policy, I'm not sure what's left.

Why don't you use a password generator to exceed all of the possible complexity like this:  https://identitysafe.norton.com/password-generator/# and create a complicated password?

I am having this same issue in a Lab.  It seems to have happened by changing the boot partition.  In my lab im actually going back to an older code revision.  When I got to the older code I couldn't log in, same issue as described, password reset wouldnt work.  I had to go into the cpboot and changed the boot partition back to the code version it was at when user/password was working, got in no problem.  Changed the admin password to a more complex password and changed the boot partition back to the older code version.  Loaded the old code back up, same problem, couldn't log into the controller and couldnt change the mgmt-user admin root due to error mentioned.  I had to wipe the controller on the code version it was working on, change the boot partition to the older code I needed to be on for my lab, then reload into default configuration on the older code.

I agree that this process definitely works.  I have added some small text differences as of 6/2018 on firmware 6.5. 

I found that running the "minimal-setup" on bootup will get you stuck vs "full-setup".  I am not running the FIPS version of the firmware which is mentioned in many articles.

 "Non-compliant to management password policy"

######################

To clear the configuration

Hit any key to stop autoboot:  0 
cpboot> 
cpboot> setenv cfgfile default1.cfg
cpboot> saveenv
cpboot> bootf

After I ran the 'full-setup' wizard and rebooted, I had to go into cpboot again and change the cfgfile back.

Hit any key to stop autoboot:  0 
cpboot> 
cpboot> setenv cfgfile
cpboot> saveenv
Saving Environment to Flash...

cpboot>bootf

I got cpxboot not cpboot ? How can I do ? 

Thank you,