EC admin password recovery

View Only

last person joined: 4 days ago

Forum to discuss HPE Aruba EdgeConnect SD-WAN and SD-Branch solutions. This includes SD-WAN Orchestration WAN edge network functions - routing, security, zone-based firewall, segmentation and WAN optimization, micro-branch solutions, best practics, and third-party integrations. All things SD-WAN!

Back to discussions

Expand all | Collapse all

EC admin password recovery

This thread has been viewed 36 times

1. EC admin password recovery

Kudos

EMPLOYEE

Khwaja Mohammed

Posted May 12, 2023 09:49 AM

Starting from ECOS 8.1.9.12 and 8.3.0.4, the spsadmin account used for password recovery on the console of EC appliances has been removed and is no longer available for use. This has been done to address CVE-2014-2974. If the admin password becomes lost or unknown, you can attempt to reset the password from the Orchestrator using one of the following four options:

Login to Orchestrator, right-click on the appliance > CLI Session. Then type "enable", "config t" and then "username admin password xyz"
Login to Orchestrator, right-click on the appliance > Appliance Manager > Administration > Users and change the password for the admin account there
Login to Orchestrator, Administrator menu > Users > select appliance and username, then edit the password.
Login to the appliance web interface or CLI using RADIUS/TACACs if configured.

Primarily, the instructions below are for hardware appliances. Virtual appliances should be redeployed from installation package (OVA etc).

The table below shows the full list of possible recovery options by version:

ECOS Version	spsadmin present?	Recovery Options
8.1.9.11 or earlier 8.3.0.0 - 8.3.0.3	Y	Reset admin password from Orchestrator using the options above, if available and appliance is connected to it. spsadmin account with pre-set password is available only using physical or virtual console.
8.1.9.12+ 8.3.0.4 - 8.3.0.7 8.3.1.0 - 8.3.1.1	N	Reset admin password from Orchestrator, if available and appliance is connected to it. Reboot appliance and from the console, check if backup partition has lower version such as 8.1.9.11, 8.3.0.3 or earlier. If found, boot the backup partition and then use spsadmin login to reset appliance password. If neither of the above two options work, RMA is the only option left.
8.3.0.8+ 8.3.2.0+ 9.0+	N	Reset admin password from Orchestrator, if available and appliance is connected to it. Reboot appliance and from console, check if backup partition has lower version such as 8.1.9.11, 8.3.0.3 or earlier. If found, boot the backup partition and then use spsadmin login to reset appliance password. Factory Reset option available from boot loader. See process below.

Boot Loader Factory Reset process for ECOS 8.3.0.8+, 8.3.2.0+ and 9.0+

For hardware only appliances, the boot process on the console can be interrupted and the following steps performed (images on the left are for older versions of Grub and on the right newer Grub versions):

Press a cursor key to interrupt the automated boot and using up or down select the version you wish to use. Choose from either 0 or 1 (or first or second line).

Press “e” to edit boot option at the GRUB menu, then press the down cursor key until the last line reads “Highlighted entry is 1” (left image) or until the cursor reaches the line starting 'initrd' then press the left cursor button (right image)

Press “e” to edit the line
Press the spacebar once and then type: FactorYReseT
1. Note the above is case sensitive, caps are mixed with small case.

Press the “enter” key (left image for older Grub). The screen should look similar to the below. For newer grub, skip this step and move on to 6:

Press “b” to boot (older Grub) or F10 to boot (newer Grub).
1. You should briefly see ‘Rebooting appliance to factory reset’ and the appliance will then boot up and the hostname will change to silverpeak-abcde or similar.

The process is complete.

2. RE: EC admin password recovery

Kudos

diegoisra

Posted Aug 21, 2023 01:44 PM

Hi, I have an EC-US and when I get to step 2, it does not allow to type 'e'. It only shows the option to boot or to press 'p' to input some password which we don't know what password it reffers to.

Original Message

Original Message:
Sent: May 12, 2023 12:00 AM
From: Khwaja Mohammed
Subject: EC admin password recovery

Starting from ECOS 8.1.9.12 and 8.3.0.4, the spsadmin account used for password recovery on the console of EC appliances has been removed and is no longer available for use. This has been done to address CVE-2014-2974. If the admin password becomes lost or unknown, you can attempt to reset the password from the Orchestrator using one of the following four options:

Login to Orchestrator, right-click on the appliance > CLI Session. Then type "enable", "config t" and then "username admin password xyz"
Login to Orchestrator, right-click on the appliance > Appliance Manager > Administration > Users and change the password for the admin account there
Login to Orchestrator, Administrator menu > Users > select appliance and username, then edit the password.
Login to the appliance web interface or CLI using RADIUS/TACACs if configured.

Primarily, the instructions below are for hardware appliances. Virtual appliances should be redeployed from installation package (OVA etc).

The table below shows the full list of possible recovery options by version:

ECOS Version	spsadmin present?	Recovery Options
8.1.9.11 or earlier 8.3.0.0 - 8.3.0.3	Y	Reset admin password from Orchestrator using the options above, if available and appliance is connected to it. spsadmin account with pre-set password is available only using physical or virtual console.
8.1.9.12+ 8.3.0.4 - 8.3.0.7 8.3.1.0 - 8.3.1.1	N	Reset admin password from Orchestrator, if available and appliance is connected to it. Reboot appliance and from the console, check if backup partition has lower version such as 8.1.9.11, 8.3.0.3 or earlier. If found, boot the backup partition and then use spsadmin login to reset appliance password. If neither of the above two options work, RMA is the only option left.
8.3.0.8+ 8.3.2.0+ 9.0+	N	Reset admin password from Orchestrator, if available and appliance is connected to it. Reboot appliance and from console, check if backup partition has lower version such as 8.1.9.11, 8.3.0.3 or earlier. If found, boot the backup partition and then use spsadmin login to reset appliance password. Factory Reset option available from boot loader. See process below.

Boot Loader Factory Reset process for ECOS 8.3.0.8+, 8.3.2.0+ and 9.0+

For hardware only appliances, the boot process on the console can be interrupted and the following steps performed (images on the left are for older versions of Grub and on the right newer Grub versions):

Press a cursor key to interrupt the automated boot and using up or down select the version you wish to use. Choose from either 0 or 1 (or first or second line).

Press "e" to edit boot option at the GRUB menu, then press the down cursor key until the last line reads "Highlighted entry is 1" (left image) or until the cursor reaches the line starting 'initrd' then press the left cursor button (right image)

Press "e" to edit the line
Press the spacebar once and then type: FactorYReseT
1. Note the above is case sensitive, caps are mixed with small case.

Press the "enter" key (left image for older Grub). The screen should look similar to the below. For newer grub, skip this step and move on to 6:

Press "b" to boot (older Grub) or F10 to boot (newer Grub).
1. You should briefly see 'Rebooting appliance to factory reset' and the appliance will then boot up and the hostname will change to silverpeak-abcde or similar.

The process is complete.

3. RE: EC admin password recovery

Kudos

FRANCO5648

Posted Oct 25, 2023 11:38 AM

Hello Diego, were you able to solve the problem of being able to reset? If you could, can you help me share how your solution was? I have the same detail.

Original Message

Original Message:
Sent: Aug 18, 2023 06:17 PM
From: diegoisra
Subject: EC admin password recovery

Hi, I have an EC-US and when I get to step 2, it does not allow to type 'e'. It only shows the option to boot or to press 'p' to input some password which we don't know what password it reffers to.

Original Message:
Sent: May 12, 2023 12:00 AM
From: Khwaja Mohammed
Subject: EC admin password recovery

Starting from ECOS 8.1.9.12 and 8.3.0.4, the spsadmin account used for password recovery on the console of EC appliances has been removed and is no longer available for use. This has been done to address CVE-2014-2974. If the admin password becomes lost or unknown, you can attempt to reset the password from the Orchestrator using one of the following four options:

Login to Orchestrator, right-click on the appliance > CLI Session. Then type "enable", "config t" and then "username admin password xyz"
Login to Orchestrator, right-click on the appliance > Appliance Manager > Administration > Users and change the password for the admin account there
Login to Orchestrator, Administrator menu > Users > select appliance and username, then edit the password.
Login to the appliance web interface or CLI using RADIUS/TACACs if configured.

Primarily, the instructions below are for hardware appliances. Virtual appliances should be redeployed from installation package (OVA etc).

The table below shows the full list of possible recovery options by version:

ECOS Version	spsadmin present?	Recovery Options
8.1.9.11 or earlier 8.3.0.0 - 8.3.0.3	Y	Reset admin password from Orchestrator using the options above, if available and appliance is connected to it. spsadmin account with pre-set password is available only using physical or virtual console.
8.1.9.12+ 8.3.0.4 - 8.3.0.7 8.3.1.0 - 8.3.1.1	N	Reset admin password from Orchestrator, if available and appliance is connected to it. Reboot appliance and from the console, check if backup partition has lower version such as 8.1.9.11, 8.3.0.3 or earlier. If found, boot the backup partition and then use spsadmin login to reset appliance password. If neither of the above two options work, RMA is the only option left.
8.3.0.8+ 8.3.2.0+ 9.0+	N	Reset admin password from Orchestrator, if available and appliance is connected to it. Reboot appliance and from console, check if backup partition has lower version such as 8.1.9.11, 8.3.0.3 or earlier. If found, boot the backup partition and then use spsadmin login to reset appliance password. Factory Reset option available from boot loader. See process below.

Boot Loader Factory Reset process for ECOS 8.3.0.8+, 8.3.2.0+ and 9.0+

For hardware only appliances, the boot process on the console can be interrupted and the following steps performed (images on the left are for older versions of Grub and on the right newer Grub versions):

Press a cursor key to interrupt the automated boot and using up or down select the version you wish to use. Choose from either 0 or 1 (or first or second line).

Press "e" to edit boot option at the GRUB menu, then press the down cursor key until the last line reads "Highlighted entry is 1" (left image) or until the cursor reaches the line starting 'initrd' then press the left cursor button (right image)

Press "e" to edit the line
Press the spacebar once and then type: FactorYReseT
1. Note the above is case sensitive, caps are mixed with small case.

Press the "enter" key (left image for older Grub). The screen should look similar to the below. For newer grub, skip this step and move on to 6:

Press "b" to boot (older Grub) or F10 to boot (newer Grub).
1. You should briefly see 'Rebooting appliance to factory reset' and the appliance will then boot up and the hostname will change to silverpeak-abcde or similar.

The process is complete.

4. RE: EC admin password recovery

Kudos

EMPLOYEE

CG

Posted Oct 25, 2023 12:00 PM

Assuming you can access your EC somehow, perhaps via the Orchestrator, you may wish to try upgrading to any of the following ECOS versions where this issue should be resolved.

9.0.9+
9.1.4.4+
9.1.5+
9.2.3+
9.3.0+

Original Message

Original Message:
Sent: Oct 24, 2023 07:45 PM
From: FRANCO5648
Subject: EC admin password recovery

Hello Diego, were you able to solve the problem of being able to reset? If you could, can you help me share how your solution was? I have the same detail.

Original Message:
Sent: Aug 18, 2023 06:17 PM
From: diegoisra
Subject: EC admin password recovery

Hi, I have an EC-US and when I get to step 2, it does not allow to type 'e'. It only shows the option to boot or to press 'p' to input some password which we don't know what password it reffers to.

Original Message:
Sent: May 12, 2023 12:00 AM
From: Khwaja Mohammed
Subject: EC admin password recovery

Starting from ECOS 8.1.9.12 and 8.3.0.4, the spsadmin account used for password recovery on the console of EC appliances has been removed and is no longer available for use. This has been done to address CVE-2014-2974. If the admin password becomes lost or unknown, you can attempt to reset the password from the Orchestrator using one of the following four options:

Login to Orchestrator, right-click on the appliance > CLI Session. Then type "enable", "config t" and then "username admin password xyz"
Login to Orchestrator, right-click on the appliance > Appliance Manager > Administration > Users and change the password for the admin account there
Login to Orchestrator, Administrator menu > Users > select appliance and username, then edit the password.
Login to the appliance web interface or CLI using RADIUS/TACACs if configured.

Primarily, the instructions below are for hardware appliances. Virtual appliances should be redeployed from installation package (OVA etc).

The table below shows the full list of possible recovery options by version:

ECOS Version	spsadmin present?	Recovery Options
8.1.9.11 or earlier 8.3.0.0 - 8.3.0.3	Y	Reset admin password from Orchestrator using the options above, if available and appliance is connected to it. spsadmin account with pre-set password is available only using physical or virtual console.
8.1.9.12+ 8.3.0.4 - 8.3.0.7 8.3.1.0 - 8.3.1.1	N	Reset admin password from Orchestrator, if available and appliance is connected to it. Reboot appliance and from the console, check if backup partition has lower version such as 8.1.9.11, 8.3.0.3 or earlier. If found, boot the backup partition and then use spsadmin login to reset appliance password. If neither of the above two options work, RMA is the only option left.
8.3.0.8+ 8.3.2.0+ 9.0+	N	Reset admin password from Orchestrator, if available and appliance is connected to it. Reboot appliance and from console, check if backup partition has lower version such as 8.1.9.11, 8.3.0.3 or earlier. If found, boot the backup partition and then use spsadmin login to reset appliance password. Factory Reset option available from boot loader. See process below.

Boot Loader Factory Reset process for ECOS 8.3.0.8+, 8.3.2.0+ and 9.0+

For hardware only appliances, the boot process on the console can be interrupted and the following steps performed (images on the left are for older versions of Grub and on the right newer Grub versions):

Press a cursor key to interrupt the automated boot and using up or down select the version you wish to use. Choose from either 0 or 1 (or first or second line).

Press "e" to edit boot option at the GRUB menu, then press the down cursor key until the last line reads "Highlighted entry is 1" (left image) or until the cursor reaches the line starting 'initrd' then press the left cursor button (right image)

Press "e" to edit the line
Press the spacebar once and then type: FactorYReseT
1. Note the above is case sensitive, caps are mixed with small case.

Press the "enter" key (left image for older Grub). The screen should look similar to the below. For newer grub, skip this step and move on to 6:

Press "b" to boot (older Grub) or F10 to boot (newer Grub).
1. You should briefly see 'Rebooting appliance to factory reset' and the appliance will then boot up and the hostname will change to silverpeak-abcde or similar.

The process is complete.