Big news! The community will be moving to a new platform April 21. Read more.
Big news! The community will be moving to a new platform April 21. Read more.
Commander
Commander
300 views

The local/admin user Password has expired & Access has been denied

Jump to solution

Hi,

When I try to login to the Administrative portal with local Admin account, I get Password has expired.

Unfortunately, I can't login to the Enrollment portal to reset the Password because Authenticators Management events has only LDAP Password + SMS OTP chain. It seems the Password Only method for the Authenticators Management events was removed. Access has been denied. I know ☹

I tried a solution 2a in TID 7023511 but the account is still locked.

Is there any other solution to set the local admin password?

Or maybe to add the Password Only method for the Authenticators Management in the docker console?

 

AAUTH Version: 6.3.3.0.

 

Best regards,

Rok

0 Likes
1 Solution

Accepted Solutions
Micro Focus Expert
Micro Focus Expert

The documented instructions are not for that case, because they do not reset the “expired” flag. Below are the instructions for you.

It’s strongly recommended to create a snapshot before following the steps.

  1. Get Event ID for the Authenticators Management event:

docker exec aaf_audb_1 psql -U root -d aucore_prod -P pager=off -c "SELECT id from event WHERE name='Authenticators Management';"

  1. Get Chains assigned to the Authenticators Management event:

docker exec aaf_audb_1 psql -U root -d aucore_prod -P pager=off -c "SELECT * from event_logon_chain WHERE event_id='___EVENT_ID_FROM_STEP_1___';"

Please take a look on the number of rows at the bottom.

  1. Get Chain ID for the Password Only chain:

docker exec aaf_audb_1 psql -U root -d aucore_prod -P pager=off -c "SELECT id, name, methods from logon_chain WHERE name='Password Only';"

  1. Add the Password Only chain to the Authenticators Management event:

docker exec aaf_audb_1 psql -U root -d aucore_prod -P pager=off -c "insert into event_logon_chain (event_id, logon_chain_id, position, row_ver) values ('___VALUE_FROM_STEP_1____', '___VALUE_FROM_STEP_3____', '___NUMBER OF ROWS FROM STEP_2___', '2021-01-01 00:00:00.00000');"

This should add the chain to the next row.

  1. Now, it should be possible to login by the actual password (I believe, the changed one) to the Authenticators Management event to change the password

View solution in original post

2 Replies
Micro Focus Expert
Micro Focus Expert

The documented instructions are not for that case, because they do not reset the “expired” flag. Below are the instructions for you.

It’s strongly recommended to create a snapshot before following the steps.

  1. Get Event ID for the Authenticators Management event:

docker exec aaf_audb_1 psql -U root -d aucore_prod -P pager=off -c "SELECT id from event WHERE name='Authenticators Management';"

  1. Get Chains assigned to the Authenticators Management event:

docker exec aaf_audb_1 psql -U root -d aucore_prod -P pager=off -c "SELECT * from event_logon_chain WHERE event_id='___EVENT_ID_FROM_STEP_1___';"

Please take a look on the number of rows at the bottom.

  1. Get Chain ID for the Password Only chain:

docker exec aaf_audb_1 psql -U root -d aucore_prod -P pager=off -c "SELECT id, name, methods from logon_chain WHERE name='Password Only';"

  1. Add the Password Only chain to the Authenticators Management event:

docker exec aaf_audb_1 psql -U root -d aucore_prod -P pager=off -c "insert into event_logon_chain (event_id, logon_chain_id, position, row_ver) values ('___VALUE_FROM_STEP_1____', '___VALUE_FROM_STEP_3____', '___NUMBER OF ROWS FROM STEP_2___', '2021-01-01 00:00:00.00000');"

This should add the chain to the next row.

  1. Now, it should be possible to login by the actual password (I believe, the changed one) to the Authenticators Management event to change the password

View solution in original post

Commander
Commander

Dear George,

 

thank you very much for your instructions.  That’s exactly what I had in mind.

I added the Password Only chain for the Authenticators Management events according to your instructions.

It works!  Now I can login to the Enrollment portal to reset the local admin Password.,

 

Next step is to add the domain admin user to the full admins group 😊.

 

Best regards,

Rok

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.