Admin password with 2FA not synced in HA

For the second time now we face an issue that we cannot login to XG with SSH. Either as admin or with the ssh keys we entered in WebAdmin.

XG430 (SFOS 19.0.1 MR-1-Build365)

This was first noticed when we upgraded from 18.5.4 to the current version. There was a case 05903832 and of course the cause could not be identified by support. Instead they wanted us to recreate the issue with Firmware downgrade, Backup restore and so on.

The issue is that the HA Aux node has different SSH settings than the primary Node.

Today the HA did a failover to the AUX node.

Now on the AUX we cannot login with admin and the SSH Keys entered in Webadmin are not shown.

We switched over to the other node and have the same situation there. Admin cannot login to SSH and our SSH keys are gone.

All other things replicate fine.

What's the issue here with SSH? How can we ensure everything is synced? Known issue?



  • Could be related to an encryption problem with the SSMK. Can you reset the password and then login via console? This needs to be looked at by Support.


  • Thank you @Lucar Toni, opened a case: 06084292

  • Last time I reset the admin password on Console. I will leave it as it is so support can look at the faulty state.

    Webadmin login is not working either with admin user.

  • Hello LHerzog,

    Thank you for sharing the Case ID.

    We have left a note in the case; checking on it, an L2 has requested the engineer assigned to gather some logs to escalate the case.

     Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Hello,

    To update the community this is now being investigated by DEV under NC-113962.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • As advised by support, I reset the password with serial cable now on both machines. On Serial connection I could login with admin / admin then. Logged on Web GUI with admin admin+2FA and was forced to set a new secure password.

    At first I just entered admin as old password and a new password.

    Then the wizard told me it didn't work - I need 2FA for old password.

    So did the same again with admin+2FA

    Same error message appeared again and again. Need 2FA for old password and it did not proceed.

    In my mailbox I found mails about bad logins and that the IP I tried with has been finally banned due to too many logins.

    Then I logged in Web GUI with other admin user and found that the admin password has been changed on the Web GUI. But why? I always got error messages when I tried to change the password as the admin user.

    And yes, after some time when my IP has been unblocked, I could login as admin with the new password +2FA

  • Tried today to use the new admin password + 2FA on the AUX node by connecting to its local LAN port with notebook.

    The machine then brings this popup which shows me, the new password has been synced BUT it is missing the flag that it has already been changed on the PRI node.

  • Hello LHerzog,

    Thank you for the update.

    This feedback has been shared with DEV under NC-113962.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Thanks  

    received Mail from GES today:

    They could reproduce the issue. There seems to be some issue regarding password change in HA setup, when MFA is enabled, fails to set the password in the Auxiliary machine. The following is the error in the auxiliary machine

    ERROR     Mar 02 07:51:40Z  [change_admin_password:12402]: authentication_user: recvfrom(6) failed 'Resource temporarily unavailable'

    In the Primary machine password is set correctly, and in UI “password change successfully” message is also shown.

    As the auxiliary password is not changed (still ‘admin’ is set), when the customer tries to log in to auxiliary machine, the change password menu is shown again

    --

    I'm not so sure about the last sentence as I had the new password already on the AUX but it was still flagged like "password change required".
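
A check for the error quoted in the post above, as an added example that is not part of the original thread or Sophos code: it scans log lines from the auxiliary node for ERROR records logged by `change_admin_password`. The line layout is inferred from the single line quoted in the thread; the function name and every sample line except the first are constructed.

```python
import re

# Layout inferred from the one line quoted in the thread (an assumption):
#   LEVEL  Mon DD HH:MM:SSZ  [component:pid]: message
LINE_RE = re.compile(
    r"^(?P<level>[A-Z]+)\s+"
    r"(?P<ts>[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2}Z)\s+"
    r"\[(?P<component>[^:\]]+):(?P<pid>\d+)\]:\s*(?P<msg>.*)$"
)


def find_failed_password_sync(lines):
    """Return ERROR records logged by change_admin_password (hypothetical helper)."""
    hits = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # ignore lines that do not follow the inferred layout
        if m["level"] == "ERROR" and m["component"] == "change_admin_password":
            hits.append({"ts": m["ts"], "pid": int(m["pid"]), "msg": m["msg"]})
    return hits


# Constructed sample: the first line is the one quoted in the thread,
# the remaining lines are made up to exercise the filter.
SAMPLE_AUX_LOG = [
    "ERROR     Mar 02 07:51:40Z  [change_admin_password:12402]: "
    "authentication_user: recvfrom(6) failed 'Resource temporarily unavailable'",
    "INFO      Mar 02 07:51:41Z  [example_component:12410]: constructed unrelated line",
    "not a log line",
]

if __name__ == "__main__":
    for hit in find_failed_password_sync(SAMPLE_AUX_LOG):
        print(f"{hit['ts']} pid={hit['pid']}: {hit['msg']}")
```

A hit on the auxiliary node after an admin password change on the primary means the two nodes should be checked for differing admin credentials before the next failover.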
