Explore Cisco
How to Buy

Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Reset Your Administrator Password and Unlock the Administrator User Account

Available Languages

Download Options

  • PDF     (339.5 KB)
    View with Adobe Reader on a variety of devices
Updated:March 19, 2015
Document ID:117866

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document describes how to reset your lost administrator account password for a Cisco Email Security Appliance (ESA), Cisco Security Management Appliance (SMA), or a Cisco Web Security Appliance (WSA). This document applies to both hardware-based and virtual-based AsyncOS appliances.

Reset Your Administrator Password

Complete these steps in order to reset your administrator (admin) password on your appliance:

  1. Contact Cisco Customer Support for a temporary admin password.

    Note: You must provide the full serial number of the appliance in your request or case notes.

  2. When you receive the temporary admin password:

    1. For hardware-based appliances, access the appliance via a direct serial connection:
      Bits per second: 9600
      Data bits: 8
      Parity: None
      Stop bits: 1
      Flow control: Hardware
    2. For virtual-based appliances, access the appliance from the ESXi console, or other virtual host console.

  3. Log in as user adminpassword.

  4. Enter the temporary admin password that you received from the Cisco Customer Support Engineer and press Return.

  5. Enter the new password that will be used for the admin user.
    AsyncOS myesa.local (ttyv0)

    login: adminpassword
    Password:  <<<WILL REMAIN BLANK AS YOU ENTER IN THE TEMP PASSWORD>>>
    Last login: Fri Feb 6 20:45 from 192.168.0.01
    Copyright (c) 2001-2013, Cisco Systems, Inc.

    AsyncOS 8.5.6 for Cisco C370 build 092
    Welcome to the Cisco C370 Email Security Appliance
    Chaning local password for admin
    New Password:  <<<WILL REMAIN BLANK AS YOU ENTER IN THE NEW PASSWORD>>>
    Retype New Password:  <<<WILL REMAIN BLANK AS YOU ENTER IN THE NEW PASSWORD>>>

    AsyncOS myesa.local (ttyv0)

    login: admin
    Password:  <<<USE NEW PASSWORD AS SET ABOVE>>>

Unlock Your Administrator Account

At this time, you are logged in via the admin account on the appliance. You should now confirm that the admin user has not been locked due to consecutive login failures. In order to confirm this, enter the userconfig command into the CLI:

> userconfig


Users:
1. admin - "Administrator" (admin) (locked)
2. dlpuser - "DLP User" (dlpeval)

External authentication: Disabled

Choose the operation you want to perform:
- NEW - Create a new account.
- EDIT - Modify an account.
- DELETE - Remove an account.
- POLICY - Change password and account policy settings.
- PASSWORD - Change the password for a user.
- ROLE - Create/modify user roles.
- STATUS - Change the account status.
- EXTERNAL - Configure external authentication.
- DLPTRACKING - Configure DLP tracking privileges.

If the admin user is locked, it is noted with (locked), as shown in the output.

Note: Only the admin account can change the status for the admin user. The admin user cannot be changed by any other local user account, regardless of the account's role on the appliance. Also, as previously mentioned, this must be completed via a serial/console connection.

The only other option is to request that the admin user be unlocked by Cisco Customer Support. This assumes that you have an account that has an administrative role on the appliance, and that you are able to log into the CLI or GUI with that account. This option also requires an open support tunnel to the appliance.

In order to unlock the admin user, or any other user account in the locked status, enter the userconfig command and proceed from the start menu as shown here:

[]> status

Enter the username or number to edit.
[]> 1

This account is locked due to consecutive log-in failures.

Do you want to make this account available? [N]> y

Account admin is now available.

Users:
1. admin - "Administrator" (admin)
2. dlpuser - "DLP User" (dlpeval)

Note: You are not required to commit the appliance configuration when you only change the status for the admin user.

Related Information

Revision History

Revision Publish Date Comments
1.0
19-Mar-2015
Initial Release
TAC Authored

Contributed by Cisco Engineers

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products