I have two different vShield installations where I'm trying to change the privileged mode password on the service VM that runs on each ESX or ESXi host. However, whenever I try to change it, I get the following errors and the password is not changed. Also, the syntax given in the documentation is totally incorrect. I thought it was a problem with just my specific installation for some weird reason, but I'm finding this is true at all places where I've installed vShield Zones or vShield App 4.1.
See below:
Note that in this example, I try changing the "enable" password to test with the commands:
vShield_FW_xxxxxxxxxxxxxxx# config terminal
vShield_FW_xxxxxxxxxxxxxxx(config)# enable password plaintext test <-- this is what the documentation says is the correct syntax
% Unknown command.
vShield_FW_xxxxxxxxxxxxxxx(config)# enable password test
Could not open CLI password file
Password changed
vShield_FW_xxxxxxxxxxxxxxx(config) # exit
vShield_FW_xxxxxxxxxxxxxxx# exit
vShield_FW_xxxxxxxxxxxxxxx login: admin
Password:
vShield_FW_xxxxxxxxxxxxxxx> enable
Password: <--- I try "test" here
Authentication failed!
vShield_FW_xxxxxxxxxxxxxxx> enable
Password: <- I try "default" here <- default password for new installs
vShield_FW_xxxxxxxxxxxxxxx#
Anybody have any ideas?
Note that this problem is happening just on the service machines. On the vShield Manager console I can change the "enable" password, but note that the syntax is the same (you don't need "plaintext"). However, I don't know why this is not working on the service VMs on each ESX/ESXi host.
manager# config terminal
manager(config)# enable password plaintext test <-- this is what the documentation says is the correct syntax
% Unknown command.
manager(config)# enable password test
Password changed
manager(config)# write memory
manager(config)# exit
This is strange; I just tried this in my firewall app and was able to change the password. On the firewall VM, here's what I did:
switched to enable mode
conf terminal
enable password test
write memory
exit (twice)
Logged back in, and when I switched to enable mode it accepted my new password.
Let me know if you're doing something different.
I'm doing the exact same thing as you are. Are you running 4.1?
Yes, 4.1. I'm guessing it's because of this error that you get, "Could not open CLI password file". I don't think the password is getting updated.
Yes.. now the question is why am I getting the "Could not open CLI password file" error, and why is this showing up at two totally different places where I've installed vShield that have totally different ESX servers, networks, IP addressing schemes, etc. ?
Just a thought. What build of vShield Zones or vShield App do you have?
I am running 2.0.0-285928. Perhaps you are running an older or newer build that does not exhibit this issue?
Yes, I'm using vShield App 2.0.0-285928, vShield Manager 4.1-287872.
I am having the same issue on my vShield Manager. If anyone figures out what's going on, I'd like to know as well. Or is there a way anyone knows to get to a Bourne shell prompt?
Seems that on three different installations of vShield Manager and vShield Zones in completely different environments, I'm having the same problem. The really weird thing is that sometimes if I return to a FW instance running on a specific ESX/ESXi host days later, it will suddenly allow me to change the privileged mode password, but this behavior is erratic and doesn't always work.
I put in a few support tickets to VMware about this issue, but still haven't received any sort of remedy one week later.
Were you ever able to find out why this was happening? I have the same issue on 1 of 3 service VMs. I have no problems whatsoever on the first 2, but when I try to change the enable password on the third I get:
Could not open CLI password file
Password changed
But, as in your case, the password is not updated.
Regards,
Kyle
In case anyone else runs into this:
I opened a case with VMware support and they told me it is a known bug in 2.0.0-307200 and will be fixed in the next release.
If you change the enable password prior to deleting and recreating the admin account (in order to change the password) everything will work correctly.
I had success with the following order:
Install vShield on the host.
Log in with the admin account and immediately change the enable password.
Delete the admin account and recreate with the new password.
Save the config.
Apparently when you recreate the admin account it is not added with the correct permissions to write to the CLI password file. Since my host wasn't in production I simply uninstalled vShield and reinstalled to get a new service VM.
Kyle
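
A transcript check for the failure mode in this thread, where the CLI prints "Password changed" right after "Could not open CLI password file" and the old enable password stays in effect. This is an added example, not code from the thread or from VMware; the host name vShield_FW_example and the transcript are constructed from the output lines quoted above, and the status names are made up for the example.

```python
import re

# Matches prompts such as "host(config)# cmd", "host# cmd" and "host> cmd".
PROMPT = re.compile(r"^(?P<host>[\w.-]+)(?:\((?P<mode>[\w-]+)\))?\s*[#>]\s*(?P<cmd>.*)$")
WRITE_ERROR = "Could not open CLI password file"
REJECTED = "% Unknown command."
SUCCESS = "Password changed"

# Constructed transcript, assembled from the output lines quoted in the thread.
SAMPLE = """\
vShield_FW_example# config terminal
vShield_FW_example(config)# enable password plaintext test
% Unknown command.
vShield_FW_example(config)# enable password test
Could not open CLI password file
Password changed
vShield_FW_example(config)# exit
manager(config)# enable password test
Password changed
manager(config)# write memory
"""

def audit_enable_changes(transcript):
    """Return one record per 'enable password' attempt (the password is not stored)."""
    results, current = [], None
    for lineno, raw in enumerate(transcript.splitlines(), start=1):
        line = raw.strip()
        m = PROMPT.match(line)
        if m:
            current = None  # a new prompt ends the previous command's output
            if m.group("mode") == "config" and m.group("cmd").startswith("enable password"):
                current = {"host": m.group("host"), "line": lineno, "status": "no-response"}
                results.append(current)
        elif current is not None:
            if line == REJECTED:
                current["status"] = "rejected"
            elif line == WRITE_ERROR:
                # The write failed, so a "Password changed" beside it is not trusted.
                current["status"] = "not-persisted"
            elif line == SUCCESS and current["status"] != "not-persisted":
                current["status"] = "changed"
    return results

def unchanged_hosts(results):
    """Hosts whose most recent attempt did not end in a clean change."""
    last = {r["host"]: r["status"] for r in results}
    return sorted(h for h, status in last.items() if status != "changed")
```

Any host returned by `unchanged_hosts` should be treated as still using its previous enable password, which on a new install is the default, until a fresh login confirms otherwise.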