Dell Unity: How to change /unlock /reset the admin or service passwords (User Correctable)
Instructions
How to change the admin password
Via Unisphere:
For other users, click on Settings > Users and Groups > User Management > select the individual user and click on “More Actions” to reset the password.
Via UEMCLI:
uemcli -u admin -p <passwd> /user/account -id user_admin set -passwd <new> -oldpasswd <value>
How to change the service password
Prerequisites: Both Storage Processors (SPs) must be present in the system and their boot mode must be Normal Mode. If you have removed an SP or an SP has failed, you must replace the SP before you can change the Service password.
Via Unisphere:
Via service commands:
svc_service_password -s YourPassword
Via UEMCLI:
uemcli -u admin -p <passwd> /service/user set -passwd <new> -oldpasswd <old>
How to unlock the service account after multiple failed login attempts
NOTE: Unity array must be running OE 4.2.2.x or later for this command to be implemented. See the notes section bellow for possible reasons why the service password may not reset/unlock.
Via UEMCLI:
uemcli -no -d <Unity_IP> -u admin -p <password> /user/account -id service set -locked no
Via service commands:
Note: Since the service account is locked at this point, this will only be possible if there is still another ssh session logged in, or over IPMI. If not, then IPMI is useless as you cannot login.
svc_service_password -u
How to reset the service/admin password on Unity (Hardware models)
Notes:
- The Dell Unity series is designed such that the system administrator can reset both the service and admin passwords using the NMI button on the SP. This option allows the system administrator a quick method to reset the password without the need to schedule a Dell resource onsite. If a password is forgotten or lost, the expectation is that the system administrator follows the action plan below.
- This is the only way to reset the password if the service password is forgotten or unknown and you are not already logged in to ssh or IPMI (to execute svc_service_password). This resets both service and admin passwords to default.
- If any SP runs not at Normal or Service mode, stop and engage your support representative mentioning this KB.
- Any SP in Service Mode must be recovered to normal mode. Steps 1 to 3 can be performed on a service mode SP to gain temporary service account login while recovering the SP to normal mode. (e.g. svc_rescue_state -c; svc_shutdown -r).
- The password reset via NMI button on a Service Mode SP is not persistent, the change will lost after SP rebooting.
- If this system has STIG enabled, please see the notes section below before continuing.
Note: Reference Article 000212222 for scenarios where the NMI reset procedure does not work for the service or the admin password reset:
https://www.dell.com/support/kbdoc/000212222
——————————————————————————————————————————————————–
Before you begin:
- Verifying the SP status:
Normal Mode: SP Fault LED is off.
Service Mode: SP Fault LED alternating amber and blue at one second intervals.
- Determining what SP is Primary:
When in Normal Mode, the NMI button must be pressed on the Primary SP in order for the Unisphere GUI to prompt the user to reset the password.
From Unisphere, check which SP is primary by going to System > Service > Service Tasks and check for the sp with status “Storage Processor X (Primary).” If not able to login to Unisphere, try the below procedure on SPA first, and if steps 1-4 fail, try again on SPB.
NMI button password reset process (See Note 2 below for guidance on Unity XT 480(F)/680(F)/880(F)):
- On the back of the disk processor enclosure, locate the NMI button on the Storage Processor. It is located in a small hole and shows two triangles pointing at each other (see picture below for guidance).
- Using a thin non-metallic object, press and hold the password reset button about 3 seconds then release, the SP Fault LED should blink at 2 HZ and turn off after 5 seconds, move to the next step after the LED turns off.
- Be careful!! Pressing the reset button for more than 10 seconds reset (reboot) the storage processor.
- Don t attempt next NMI reset on same SP within 30 minutes.
- Connect to the Unity array using a browser to the management IP and logon as admin with the default initial password “Password123#”. User should be prompted to reset both admin and service passwords. If you prefer to reset the password via ssh, the initial default password for the service account is “service.”
- Change the admin password from default to the user specified. Uncheck the box if you want to set the service account password to be different from the admin password.
- If you are not prompted to reset the password upon login, you may have pressed the NMI button on the non-primary SP. Repeat steps 1-4 on the second SP ONLY if you are not prompted to reset the password on the first attempt.
- If you are still not prompted to reset the password on each login attempt after trying once on each SP, contact your support representative and reference this KB number.
Unity x00(F) / x50(F) and Unity XT 380 (F) models | Unity XT 480(F) / 680(F) / 880(F) models |
Important Note: Due to a manufacturing issue on these models, the physical hole on the hardware does not align with the button on the board inside. The button may only be partially accessible through the hole. See guidance notes in the next section (Notes – NOTE 2). |
How to reset the service/admin password on Unity VSA
NOTE: This requires Console access (via vmware vsphere) and requires a reboot, so production is impacted during this procedure.
- Connect to the vSphere console for the Unity VSA
- Reboot the Unity VSA (svc_shutdown -r or via Unisphere or uemcli )
- Wait for the “EMC Boot” screen, press “Tab” key with in 3 seconds to edit the boot menu
- Append “unityvsa_reset_admin_password” at the end of the line (of boot loader) and press enter to boot
- After the boot/services start, Password for service and admin users will be reset to default (service/Password123# respectively)
- No further reboots necessary, because above step is not saved and runs only once.
Additional Information
Note 1: A problem exists where if STIG is enabled and the service account is locked, pressing the NMI button does not reset the service password.
The workaround is to:
1. Unlock the service user account first using this uemcli command:
uemcli -no -d <Unity_IP> -u admin -p <password> /user/account -id service set -locked no
2. Then press NMI button to reset the password.
If the user does not remember admin password (required to unlock the service account), then:
1. Press NMI button to reset the admin password.
2. Use the above uemcli command to unlock the service account.
3. Press NMI button again to reset the password for service and admin.
This issue will be fixed in a future Unity OE version.
Note 2: Guidance notes for models Unity XT 480(F)/680(F)/880(F) when the NMI butting is only partially visible.
As there is a 2mm air gap between the bezel and the button, the button can still be accessed with a thin non-metallic object at an angle as shown in the pictures here:
Note 2: Guidance notes for models Unity XT 480(F)/680(F)/880(F) when the NMI butting is only partially visible.
As there is a 2mm air gap between the bezel and the button, the button can still be accessed with a thin non-metallic object at an angle as shown in the pictures here:
Affected Product
Dell EMC Unity Family
Product
Dell Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity XT 380, Dell EMC Unity XT 380F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity XT 480, Dell EMC Unity XT 480F, Dell EMC Unity 500 , Dell EMC Unity 500F, Dell EMC Unity 550F, Dell EMC Unity 600, Dell EMC Unity 600F, Dell EMC Unity 650F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F, Dell EMC Unity XT 880, Dell EMC Unity XT 880F, Dell EMC Unity Family |Dell EMC Unity All Flash, Dell EMC Unity Family, Dell EMC Unity Hybrid
Source Dell EMC
Được đóng lại.