Network Management

last person joined: yesterday 

Keep an informative eye on your network with HPE Aruba Networking network management solutions
Back to discussions
Expand all | Collapse all

AMPADMIN and AMPRECOVERY expired?

This thread has been viewed 98 times

  • 1.  AMPADMIN and AMPRECOVERY expired?

    Posted Jan 09, 2020 01:06 PM

    I was attempting to login to my AMP 8.2.10.0 installation with AMPADMIN when I recieved the error:

     

    Your account has expired; please contact your system administrator

    Authentication toekn expired

     

    I then tried to login with AMPRECOVERY and received the same error. Any idea what is going on?



  • 2.  RE: AMPADMIN and AMPRECOVERY expired?
    Best Answer

    EMPLOYEE
    Posted Jan 10, 2020 03:26 AM

    Did you changed amprecovery password during upgrade or installation? Default password is recovery, if it still throwing same error with default password, open TAC ticket. We need to get in to resuce mode and reset password.



  • 3.  RE: AMPADMIN and AMPRECOVERY expired?

    Posted Jan 10, 2020 10:08 AM

    The recovery password was not changed and when attempting to login with it I receive the same error. I'll open a TAC case but what caused/causes this?



  • 4.  RE: AMPADMIN and AMPRECOVERY expired?

    Posted Jan 16, 2020 02:48 PM

    FYI - a TAC case was opened, they informed me this is the new norm, all passwords expire every 90 days. Had to boot off of CentOS DVD and use the recovery to reset.



  • 5.  RE: AMPADMIN and AMPRECOVERY expired?

    EMPLOYEE
    Posted Jan 16, 2020 02:55 PM

    The issue is on 8.2.10.0 version only. With 8.2.10.1 (already released), AMP CLI and AMP recovery password wont expire like in pre 8.2.10 releases.  I would suggest to upgrade to 8.2.10.1 whenever possible to avoid this issue.



  • 6.  RE: AMPADMIN and AMPRECOVERY expired?

    Posted Mar 15, 2021 04:29 PM
    I have this issue now with 8.2.11.0, so it would seem the issue remains.

    ------------------------------
    Bryan Tetlow
    ------------------------------

    Original Message


  • 7.  RE: AMPADMIN and AMPRECOVERY expired?

    Posted Jun 10, 2021 05:16 AM
    I have the issue with 8.2.11.2! Again.... ;(

    ------------------------------
    Marco Ziolkowski
    ------------------------------

    Original Message


  • 8.  RE: AMPADMIN and AMPRECOVERY expired?

    Posted Aug 19, 2022 09:17 AM
    I am on 8.2.14.1 and my passwords expired
    Original Message


  • 9.  RE: AMPADMIN and AMPRECOVERY expired?

    EMPLOYEE
    Posted Aug 19, 2022 09:47 AM
    Please open a TAC case, they can help to reset and enable the ampadmin password.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message


  • 10.  RE: AMPADMIN and AMPRECOVERY expired?

    Posted Oct 26, 2022 08:18 AM
    @Gowri Amujuri I have two questions.  If I am able to log into CLI with another admin account is there a command I can run to see if the accounts are expired?  And if they are can I update the expired account from CLI.​
    Original Message


  • 11.  RE: AMPADMIN and AMPRECOVERY expired?

    Posted Oct 26, 2022 09:28 AM
    you can boot from an centos-7 dvd and reset the password from the rescue mode with "passwd ampadmin"
    (important: not press "ok" on install; you have to go to troubleshooting and then to the rescue mode)
    - rescue mode
    - shell
    - chroot /mnt/sysimage
    - sudo bash
    - root
    - passwd ampadmin
    - exit exit and reboot
    Original Message


  • 12.  RE: AMPADMIN and AMPRECOVERY expired?

    EMPLOYEE
    Posted Oct 26, 2022 10:00 AM
    you can also use Airwave iso image to perform the above steps.

    ------------------------------
    Regards
    Gowri Amujuri
    ------------------------------

    Original Message


  • 13.  RE: AMPADMIN and AMPRECOVERY expired?

    Posted Oct 26, 2022 10:09 AM
    @m.ziolkowski  -  Thanks.  Would be a challenge for me.  In our situation Airwave runs on a VM in a remote datacenter.  Not even a CD on site.  But we will figure it out if ever needed.   Airwave is not user impacting so would not be a big deal if down for a few days for us.​
    Original Message


  • 14.  RE: AMPADMIN and AMPRECOVERY expired?

    EMPLOYEE
    Posted Oct 26, 2022 10:16 AM
    Alan, 
    VM is bit easier - you can download the iso to PC and from VM console, Edit the Airwave VM instance for option - boot from CD/DVD and select the iso from your PC and boot the instance to follow the steps mentioned.

    ------------------------------
    Regards
    Gowri Amujuri
    ------------------------------

    Original Message


  • 15.  RE: AMPADMIN and AMPRECOVERY expired?

    EMPLOYEE
    Posted Oct 26, 2022 10:17 AM
    You dont have to use CD. if you have vcenter you can mount the iso from here. Speed may depend on connectivity.

    ------------------------------
    Vishnu Mannil
    Aruba ERT

    If my post addresses your query, give kudos :)
    ------------------------------

    Original Message


  • 16.  RE: AMPADMIN and AMPRECOVERY expired?

    EMPLOYEE
    Posted Oct 26, 2022 09:51 AM
    Hi Alan,

    There is no direct command to see the expiry of passwords. This shouldn't happen actually for non FIPS Airwave image. 
    However, if you have ampadmin password you can reset the ampadmin and amprecovery password from CLI menu

    ------------------------------
    Regards
    Gowri Amujuri
    ------------------------------

    Original Message


  • 17.  RE: AMPADMIN and AMPRECOVERY expired?

    EMPLOYEE
    Posted Jan 17, 2020 04:02 AM

    It is 60 days not 90 days and as suggested by Gowri, upgrade server to latest code.



  • 18.  RE: AMPADMIN and AMPRECOVERY expired?

    Posted Jan 27, 2020 08:19 AM

    I have the same issue; my system access is gone. Can you please explain a little bit more what means "Had to boot off of CentOS DVD and use the recovery to reset." I downloaded a CentOS version 7 iso image and watched some videos. But they are talking always about to reset the root user which is not existing on AirWave. Can you maybe provide a link to a quickref?

     

    Thank you for helping

    Marcello



  • 19.  RE: AMPADMIN and AMPRECOVERY expired?

    EMPLOYEE
    Posted Jan 27, 2020 09:12 AM

    We can also use 8.2.10 ISO image to get in to resuce mode. I would suggest to open TAC ticket, on public fourm it is not possbile to provide steps on how to get in to rescue mode and reset password as we know root access is blocked.

     

     



  • 20.  RE: AMPADMIN and AMPRECOVERY expired?

    Posted Jan 28, 2020 09:14 AM

    Okay, will open a TAC case for this. Thanks

    @Pavan Arshewar wrote:

    We can also use 8.2.10 ISO image to get in to resuce mode. I would suggest to open TAC ticket, on public fourm it is not possbile to provide steps on how to get in to rescue mode and reset password as we know root access is blocked.

     

     

     



  • 21.  RE: AMPADMIN and AMPRECOVERY expired?

    Posted Sep 08, 2022 08:17 AM
    The issue is on 8.2.10.0 version only. With 8.2.10.1 (already released), AMP CLI and AMP recovery password wont expire like in pre 8.2.10 releases.
    Original Message


  • 22.  RE: AMPADMIN and AMPRECOVERY expired?

    Posted Sep 08, 2022 11:25 AM
    I have 8.2.14.1 and my password expired.
    Original Message


  • 23.  RE: AMPADMIN and AMPRECOVERY expired?

    Posted Oct 25, 2022 05:15 PM
    I have 8.2.14.1 too what a useless feature expiring your only access to cli on airwave... 
    Original Message


  • 24.  RE: AMPADMIN and AMPRECOVERY expired?

    Posted Oct 26, 2022 06:40 AM
    Since I couldn't do an SCP to recover the key through Amprecovery, I had to reinstall AirWave. I did notice that in AmpAdmin after the istall that the setting for the timeout of this was not set, even though the note displayed said something to the effect of 60 days. I verified through my Federal contact in Aruba that it is not set by default, so I left it as it was. I just hope they are correct and 60 or so days from now it doesn't expire. Lesson learned from this, copy your daily backups to an external source so discovery doesn't have to start over again and you lose your history. Backup your maps, floorplans, everything to an external source - then if by chance one day you cannot login and are forced to do a reinstall, you have the latest (or close to it) data.
    Original Message


  • 25.  RE: AMPADMIN and AMPRECOVERY expired?

    EMPLOYEE
    Posted Oct 26, 2022 08:06 AM
    Agree, and it should not happen as mentioned above with recent versions. Please reach out to Aruba support as that is the path to get things resolved, for you in the short term, but also for everyone in the long term.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message


  • 26.  RE: AMPADMIN and AMPRECOVERY expired?

    EMPLOYEE
    Posted Oct 26, 2022 10:03 AM
    We have notified engineering on this and also mentioned about about reoccurences.

    ------------------------------
    Regards
    Gowri Amujuri
    ------------------------------

    Original Message


  • 27.  RE: AMPADMIN and AMPRECOVERY expired?

    EMPLOYEE
    Posted Nov 03, 2022 12:12 PM
    Hi All,

    Had a conversation with Engineering and here are the findings from the code:

    AMPadmin password expiry in Regular AirWave installs is set at 99999 days by default.

    AMPadmin password expiry in STIG AirWave install is set to 60 days.  This is based on STIG requirements and we do not have option to increase the validity as it violates the STIG requirements. So, this has to be updated before 60 days. Engineering is going to add default alerts from 7 days to warn users on UI. This will be part of 8.2.15.1 AirWave release.

    AMPRecovery  password should never expire in Regular or STIG Airwave installs.

    If any password expires out of the above 3 conditions, please open a TAC case and Engineering would like to take a look.

    ------------------------------
    Regards
    Gowri Amujuri
    ------------------------------

    Original Message