Admin credentials were not changing

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Admin credentials were not changing

L0 Member

Hi
We have 2 PA-850
They are working in HA mode

When i got the handover they gave the admin credentials

The secondary was always active
When i tried to login to the passive one the admin password did't work

At the end i logged in with the initial password created on first deployment 2 years ago
And it was not changing from Web or CLI

The issue fixed after when i upgraded from 9.0.4 to 9.1.13-h1

Abubakr Mohammed
Network and Security Engineer
3 REPLIES 3

Cyber Elite
Cyber Elite

@AbubakrMohammed,

Kind of sounds like the config sync that happens between the active/passive unit wasn't working for quite a while and the upgrade and restart fixed that. It could be something as simple as the passive having a config lock every time you ran a commit, which would have prevented the configuration sync from working properly. You should be able to review the system logs on the passive unit to verify if that's the case. 

L0 Member

There was no commit lock
The new admins were created but passwords of old admin was valid and all new passwords not valid
Even SSH keys were not valid for login

Abubakr Mohammed
Network and Security Engineer

@AbubakrMohammed,

Hmm .. That's a puzzle. The way the firewall's HA configuration sync works you shouldn't ever run into an instance where parts of the configuration are syncing and some aren't. Outside of everything specific to the device under <deviceconfig/>, you don't have any other differences in the configuration. Admin accounts aren't device specific, so if it loaded the new users it should have loaded the new phash values in the configuration. 

 

I'd still saying reviewing the configuration history on the passive unit will likely point towards a breakdown in that configuration sync process for some reason or another until you upgraded. Maybe it was running a new enough configuration to have the new admins, but failed prior to the old admins or new passwords and such actually got added? 

  • 2770 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!