UCM Password Reset

NOTE: If you know the password, but see OVL0428 - User authentication to CS1000 call server failed..., try this first:

1. Login to SS0 as admin2 (TTY via SSH)
2. Enter: appstart Jboss-Quantum restart (case sensitive, there is no service impact)
3. Wait for the TTY message "UCM is now ready to use" (takes about 5 minutes)
4. Try to logon on the UCM from the browser.

Procedure to reset UCM admin (Secure Domain) password.

If the UCM admin password is lost, locked out, or expired, use the following procedure to log-in locally with an emergency account (admin2) and reset it. On completion, log into the CS with the new admin password and Check Registered Elements.

If you want to reset/change the local-login root/admin2 password(s), refer to: Linux Base Password Reset.

The following steps are performed on the TLAN.
The "Change Password" function is TLAN only. *

* You can do this on the ELAN, but you must manually edit the URL TLAN IP address (in Step 5) to the ELAN address.

Preparation:

The PC hosts file must resolve the <fqdn> to the TLAN address of the Primary Security Server.
If you cannot ping <fqdn>, check the hosts file as follows:

• In Windows, open the hosts file in Notepad: C:\Windows\System32\drivers\etc\hosts
• In Mac OS X, to edit the hosts file, open a terminal session and enter: sudo nano /etc/hosts
• Connect to the TLAN, and confirm you can ping <fqdn> before proceeding.

Note: To access the CS from the TLAN, SSH into the UCM, and enter cslogin. End the CS session with ~. (tilde, fullstop).

From a PC connected to the TLAN:

1 Open a web browser, and enter the URL: https://<fqdn>/local-login

Log on with the default emergency account: admin2.

2 After logging in, change the browser URL to: https://<fqdn>/passwordReset and press Enter.

The "Password Reset" screen will display:

• In the User ID field, type the User ID for the password you want to reset (admin).
• In the New password field, enter a new TEMPORARY password (Password Policy compliant). We will change this again.
• In the Confirm new password field, re-enter the new password.
• Click Save. A confirmation page appears when succesful.

3 Completely close the browser program.

4 Re-open the browser, and enter the URL: https://<fqdn>/network-login

Enter the User ID and TEMPORARY password. On clicking Log In, you will see:

Login denied. The possible reasons are: This is your first login attempt. Your password is about to expire or has expired.

5 Click Change Password to change the password (again!) and activate the user account.

The following "Password Change" screen displays:

NOTE: If you're on the ELAN, notice the redirected URL has a TLAN IP address: change this to the ELAN address and reload.

6 Click Save, and note the "User password changed successfully" message.

Completely close the browser program.

7 Re-open the browser, and enter the URL: https://<fqdn>/network-login

Login in with admin, and the new admin password.

8 OPTIONAL: to stop this happening again...

Click on Security - Policies, and edit the Password Policy as required.
For example, uncheck: Aging / History / Strength / Lockout.