So, it’s no secret that almost any Cisco device can easily have the master password restored. It’s a disruptive process, but it’s well documented for each type of device (as it should be). Cisco UCS is no different. We document the procedure in two places (latest versions linked):
Cisco UCS Manager CLI Configuration Guide, Release 2.0
Cisco UCS Manager GUI Configuration Guide, Release 2.0
It’s pretty simple to follow, but it assumes one crucial piece of data that you may not have – an existing valid login. This article intends that the reader is able to login to UCS Manager using some existing account (does not need admin rights) and collect some basic information (system, kickstart, and mgmt. image versions, etc) to start the procedure. But sometimes you may not have this info – and you just need to reset UCS manager back to defaults so you can start over, but you just can’t login to get there. Again, this procedure assumes you want to reset UCS Manager back to defaults and start over. If this is you, this is your lucky day! If you don’t want to lose your configuration, you can most likely use this procedure and just stop short of erasing the configuration – but I haven’t tested that so your mileage may vary.
The only thing you’ll need is a console cable for the fabric interconnect(s) that you want to recover the passwords on. When you’ve got a connection to the console port of the FI, here are the basic steps:
-
Reboot the FI
- Since you cannot login, you need to remove power to the FI by either removing the PSU’s or the power cords (whichever are easiest for you to reach)
- Since you cannot login, you need to remove power to the FI by either removing the PSU’s or the power cords (whichever are easiest for you to reach)
-
Press ctrl+shift+r a few times as the interconnect boots to interrupt the boot process
<side note> In a normal boot, the FI is programmed to three specific images:
- kickstart (kernel)
- system (system)
- management (UCSM)
This happens automatically. If something goes wrong with the boot process, the FI may stop after, before, or during any of these three stages. Depending on where it stops, you will have varying levels of functionality. Bu that’s a whole different story….
By interrupting the boot process, you must individually load the images yourself. If you were to reboot at any stage again, the FI will default back to its programmed boot sequence.
</side note>
-
This should leave you at the extremely useful, yet very unfriendly <loader> prompt. The good news is that we won’t be here long.
The loader has a very limited command list (below):
loader> help
? Print the command list
boot Boot an image
dir List the directory content
help Print the command list or
reboot Reboot the system
resetcmos Reset CMOS to factory defa
serial Serial console settings
set Set network configuration
show Show loader configuration
-
First, we need to know what kickstart we can invoke via the “boot” command. To get that, type the following:
dir
You will see output similar to the following:
loader> dir
bootflash:
lost+found
ucs-6100-k9-kickstart.4.0.1a.N2.1.1e.bin
ucs-6100-k9-system.4.0.1a.N2.1.1e.bin
sysdebug
chassis.img
nuova-sim-mgmt-nsg.0.1.0.001.bin
[output truncated]
-
The kickstart is in bold above. To boot off of this image, I would type:
Boot ucs-6100-k9-kickstart.4.0.1a.N2.1.1e.bin
-
This will load kickstart and stop at the boot prompt. Form here type:
switch(boot)# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(boot)(config)# admin-password mypassword (where mypassword is the password you want to use)
-
The password is now changed. So we just need to finish loading the FI. Again, “dir” is your friend here. Type the following:
dir
which will display output similar to this:
switch(boot)# dir
72 Feb 01 2010 21:28:24 ..tmp-kic
…[output truncated]
4096 Feb 23 2011 19:22:37 sysdebug/
4096 Feb 25 2011 09:07:11 techsupport/
21021184 Oct 01 2009 16:35:40 ucs-6100-k9-kickstart.4.0.1a.N2.1.1e.bin
105025752 Oct 01 2009 16:38:21 ucs-6100-k9-system.4.0.1a.N2.1.1e.bin
-
You are interested in the system image in bold in the output above. At the (boot) prompt, type the following:
switch(boot)# load ucs-6100-k9-system.4.0.1a.N2.1.1e.bin
The FI will now boot the system image and then load the UCS manager image bringing you to the login prompt.
Note: You are most likely not running the most current version of UCS at this time. It is not suggested that you attempt to actually use this running instance, even though you will be able to login again.
-
Login using your new password and type the following:
UCS-6100-A# connect local-mgmt
…[output truncated]
UCS-6100-A(local-mgmt)# erase configuration
This will erase the configuration of the FI and will reboot it to the default startup wizard.
Hopefully you will find this useful at a time when you really need it. Thanks for stopping by…
-Jeff