Q: AA The spsadmin password recovery account for EdgeConnect appliances has been removed. Here is a comprehensive list of password recovery options by version.
A: Starting from ECOS 8.1.9.12 and 8.3.0.4, the spsadmin account used for password recovery on the console of EC appliances has been removed and is no longer available for use. This has been done to address CVE-2014-2974. If the admin password becomes lost or unknown, you can attempt to reset the password from the Orchestrator using one of the following four options:
- Login to Orchestrator, right-click on the appliance > CLI Session. Then type "enable", "config t" and then "username admin password xyz"
- Login to Orchestrator, right-click on the appliance > Appliance Manager > Administration > Users and change the password for the admin account there
- Login to Orchestrator, Administrator menu > Users > select appliance and username, then edit the password.
- Login to the appliance web interface or CLI using RADIUS/TACACs if configured.
Primarily, the instructions below are for hardware appliances. Virtual appliances should be redeployed from installation package (OVA etc).
The table below shows the full list of possible recovery options by version:
| ECOS Version |
spsadmin present? |
Recovery Options |
8.1.9.11 or earlier
8.3.0.0 - 8.3.0.3 |
Y |
- Reset admin password from Orchestrator using the options above, if available and appliance is connected to it.
- spsadmin account with pre-set password is available only using physical or virtual console.
|
8.1.9.12+
8.3.0.4 - 8.3.0.7
8.3.1.0 - 8.3.1.1 |
N |
- Reset admin password from Orchestrator, if available and appliance is connected to it.
- Reboot appliance and from the console, check if backup partition has lower version such as 8.1.9.11, 8.3.0.3 or earlier. If found, boot the backup partition and then use spsadmin login to reset appliance password.
- If neither of the above two options work, RMA is the only option left.
|
8.3.0.8+
8.3.2.0+
9.0+ |
N |
- Reset admin password from Orchestrator, if available and appliance is connected to it.
- Reboot appliance and from console, check if backup partition has lower version such as 8.1.9.11, 8.3.0.3 or earlier. If found, boot the backup partition and then use spsadmin login to reset appliance password.
- Factory Reset option available from boot loader. See process below.
|
Boot Loader Factory Reset process for ECOS 8.3.0.8+, 8.3.2.0+ and 9.0+
For hardware only appliances, the boot process on the console can be interrupted and the following steps performed (images on the left are for older versions of Grub and on the right newer Grub versions):
- Press a cursor key to interrupt the automated boot and using up or down select the version you wish to use. Choose from either 0 or 1 (or first or second line).
- Press “e” to edit boot option at the GRUB menu, then press the down cursor key until the last line reads “Highlighted entry is 1” (left image) or until the cursor reaches the line starting 'initrd' then press the left cursor button (right image)
- Press “e” to edit the line
- Press the spacebar once and then type: FactorYReseT
- Note the above is case sensitive, caps are mixed with small case.
- Press the “enter” key (left image for older Grub). The screen should look similar to the below. For newer grub, skip this step and move on to 6:
- Press “b” to boot (older Grub) or F10 to boot (newer Grub).
- You should briefly see ‘Rebooting appliance to factory reset’ and the appliance will then boot up and the hostname will change to silverpeak-abcde or similar.
The process is complete.