IBM Support

Cannot set or change the IBM Security Guardium system root passkey: "Unlock failed. Aborting reset root password operation."

Troubleshooting


Problem

While the IBM Security Guardium™ appliances are secured systems, it is important that you manage and protect the user access information to the servers.

As part of this responsibility, you need to manage the root passkey. You must manage it because it is a critical piece of the "joint password" mechanism that the system implements to allow privileged access as the root operating system user. For this reason, you must ensure it is available and updated when required.

Sometimes you might notice the following error when trying to set or change the root passkey via the command-line interface (CLI):

"Unlock failed. Aborting reset root password operation."

Symptom

You are presented with an error message after trying to execute the "support reset-password root" CLI command, which is intended to set or change the root password (hence the name root passkey) of a Guardium™ system.

Cause

The most common cause of this error is that a wrong "unlock access key" was entered during the process.

Environment

The information and sample pictures in this document were obtained from an IBM Security Guardium v11.3 appliance.
The process documented here applies to all Guardium™ versions.

Diagnosing The Problem

You are presented with the aforementioned error message when trying to change the root password using the CLI.

Resolving The Problem

1. First, review the official documentation of the product, depending on the installed version. There is an explicit reference to the "access key" that must be used in this situation.
2. Run the "support reset-password root" command.
support reset-password root
3. When the system prompts you with "Please enter access key to unlock reset root password command:", enter the following string exactly as-is.
t0Tach
Note 1. While in the documentation the access key is surrounded by quotes, you must ignore them.
Note 2. When the system prompts you to enter the access key, the characters you type are not displayed on the screen. This is expected behavior.
Tip 1. The characters of the access key as documented are:
t - lowercase letter "tee" (tango).
0 - number zero.
T - uppercase letter "tee" (tango).
a - lowercase letter "ei" (alpha).
c - lowercase letter "cee" (Charlie).
h - lowercase letter "aitch" (hotel).
If everything is done correctly, the system will display a message showing the new root passkey.
Note 3. It is very important that you manage the root passkey of each Guardium™ server in your organization as if it were just another password, since this information may be required by technical support personnel to carry out maintenance and troubleshooting tasks.
Note 4. The format of the root passkey is slightly different between product versions. For example, in newer versions, it consists of a numeric string separated by hyphens.
It is crucial to always store it completely and correctly, as you would do with a password.

Document Location

Worldwide


Document Information

Modified date:
26 January 2022

UID

ibm16204121