Super Contributor.

Console Access in AA

Hi,

New to AA, looking for info on how to access the console, either via SSH or even on the VMware Console itself. Is there a root account? Password?

I have an appliance that had an upgrade go south, and trying to recover. We are at a point where a wipe and reload would not be that inconvenient as we are just beginning the configuration.
7 Replies
Micro Focus Expert

Re: Console Access in AA

We don't provide root access to the appliance.
We do recommend making snapshots before an upgrade; it's a documented recommendation: https://www.netiq.com/documentation/advanced-authentication-56/server-administrator-guide/data/upgrading.html.
Apologies for the inconvenience.
Super Contributor.

Re: Console Access in AA

teysg;2468516 wrote:
We don't provide root access to the appliance.
We do recommend making snapshots before an upgrade; it's a documented recommendation: https://www.netiq.com/documentation/advanced-authentication-56/server-administrator-guide/data/upgrading.html.
Apologies for the inconvenience.


One of the installation configuration items is the console password. I have had some reaction by logging in on the console with Administrator ID and the password set during the wizard. The next item is an OTP request. Nothing in this appears to be documented. If there is no console access, why set a console password? This is done via the VMware Console, as nothing happens when you try an SSH connection.
Knowledge Partner

Re: Console Access in AA

tse7147 wrote:

> teysg;2468516 Wrote:
> > We don't provide root access to the appliance.

>
> One of the installation configuration items is the console password. I
> have had some reaction by logging in on the console with Administrator
> ID and the password set during the wizard. The next item is an OTP
> request. Nothing in this appears to be documented. If there is no
> console access, why set a console password?


root != console, maybe?

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)
______________________________________________
https://www.is4it.de/identity-access-management
Super Contributor.

Re: Console Access in AA

lhaeger;2468584 wrote:
tse7147 wrote:

> teysg;2468516 Wrote:
> > We don't provide root access to the appliance.

>
> One of the installation configuration items is the console password. I
> have had some reaction by logging in on the console with Administrator
> ID and the password set during the wizard. The next item is an OTP
> request. Nothing in this appears to be documented. If there is no
> console access, why set a console password?


root != console, maybe?

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)


No, it is. What happens is once you get past the ID/Password, it asks for an OTP. Not sure how or where that is controlled, but based on the response below, it is what they built into the app so we are locked out of our own systems. Only NetIQ Support can access the console. I am not sure I agree with that principle.
Micro Focus Expert

Re: Console Access in AA

tse7147;2468580 wrote:
One of the installation configuration items is the console password. I have had some reaction by logging in on the console with Administrator ID and the password set during the wizard. The next item is an OTP request. Nothing in this appears to be documented. If there is no console access, why set a console password? This is done via the VMware Console, as nothing happens when you try an SSH connection.


It's possible to use console access only in a remote session with a person from AAF support. We use the four-eyes principle: you know and need to enter a password for the administrator account, and then we need to enter a one-time password. We use this approach for support sessions when we need to install some custom patches for our customers.
SSH is disabled by default.

The AAF database is encrypted, so it's not possible to perform any actions to recover something AAF-related through console.
Super Contributor.

Re: Console Access in AA

teysg;2468773 wrote:
It's possible to use console access only in a remote session with a person from AAF support. We use the four-eyes principle: you know and need to enter a password for the administrator account, and then we need to enter a one-time password. We use this approach for support sessions when we need to install some custom patches for our customers.
SSH is disabled by default.

The AAF database is encrypted, so it's not possible to perform any actions to recover something AAF-related through console.


So, when we see something like this in a log file...

Starting message broker: rabbitmq-serverFAILED - check /var/log/rabbitmq/startup_{log, _err} ... (warning).
failed!

There really is no way to do what it says, check the indicated log file. Basically, we are locked out of our own systems. Is that such a good idea? I get the idea that there is not much to be accomplished from the console, but to suggest one goes and views a log file that is inaccessible is not polite.

Also, I just thought I would alert you to a major security issue I have seen with the app. Whenever I bring up the web page to login, before the login appears, there is a quick view of the previous login session just before the login appears. Someone with quick screen grab could find all kinds of interesting info from that quick view. This is not from browser cache, as I have seen this days after I last logged in.
Micro Focus Expert

Re: Console Access in AA

tse7147;2469401 wrote:
So, when we see something like this in a log file...

Starting message broker: rabbitmq-serverFAILED - check /var/log/rabbitmq/startup_{log, _err} ... (warning).
failed!

There really is no way to do what it says, check the indicated log file. Basically, we are locked out of our own systems. Is that such a good idea? I get the idea that there is not much to be accomplished from the console, but to suggest one goes and views a log file that is inaccessible is not polite.


Please create a new Support Request at Customer Care and let me know its number here.

tse7147;2469401 wrote:
Also, I just thought I would alert you to a major security issue I have seen with the app. Whenever I bring up the web page to login, before the login appears, there is a quick view of the previous login session just before the login appears. Someone with quick screen grab could find all kinds of interesting info from that quick view. This is not from browser cache, as I have seen this days after I last logged in.


Do you get this in Administrative Portal? What is your AA server version?

Thank you.