Forum Discussion

san_239682's avatar
san_239682
Icon for Nimbostratus rankNimbostratus
Mar 03, 2016

resetting lost/forget admin and root password on F5 BIG IP

Can anyone suggest how to reset the forgotten root and admin password on F5 BigIP devices( running on 11.x and 10.x versions)

 

Do we need need to provide same password for root and admin? How does it work for a HA pair. We have two devices in redundant. Do we need to set same passwords on both devices for root and admin account?

 

  • Perhaps you have another account with full admin rights you can still use? This would suffice to update the root and admin account passwords.

    If not, check out section "Resetting a lost or forgotten root password" @ https://support.f5.com/kb/en-us/solutions/public/3000/300/sol3350.html

    Once you have the root account access, you can normally set the admin password to anything you want in TMSH (i.e.

    tmsh modify auth user admin password NewPasswoRd
    ). Only problem is that once you do that, you may have to re-configure the HA cluster. Put your standby appliance to Forced Offline state before you begin to ensure no unintended cluster failovers can occur as the cluster breaks.

  • First to reset the lost passwords you can go into the /config/bigip_user.conf file and change the "encrypted-password" field to password yourTempPassword. After you do that you can then load it via tmsh load sys config user-only. Once you do that, you can then change them in the GUI to something permanent so it re-encrypts them in the config file.

     

    In an HA scenario, those accounts should sync with each other so no need to make them the same ahead of time.

     

    • san_239682's avatar
      san_239682
      Icon for Nimbostratus rankNimbostratus
      Hi Brad Thanks for your response. Can you please confirm whether this root and admin passwords reside on bigip_user.conf file.
    • san_239682's avatar
      san_239682
      Icon for Nimbostratus rankNimbostratus
      Hi Brad Do we need to get serial console connection and restart the device during this process?
  • First to reset the lost passwords you can go into the /config/bigip_user.conf file and change the "encrypted-password" field to password yourTempPassword. After you do that you can then load it via tmsh load sys config user-only. Once you do that, you can then change them in the GUI to something permanent so it re-encrypts them in the config file.

     

    In an HA scenario, those accounts should sync with each other so no need to make them the same ahead of time.

     

    • san_239682's avatar
      san_239682
      Icon for Nimbostratus rankNimbostratus
      Hi Brad Thanks for your response. Can you please confirm whether this root and admin passwords reside on bigip_user.conf file.
    • san_239682's avatar
      san_239682
      Icon for Nimbostratus rankNimbostratus
      Hi Brad Do we need to get serial console connection and restart the device during this process?