Unified Access Gateway – Password resets

We all know that feeling when you return from a long vacation and you cannot remember your corporate password. But what if you also forgot passwords to your Unified Access Gateway?

The UAG has two main accounts root and admin each with a password that can be unique (but in most cases is set to the same thing) so you are screwed up two times.

In this mini-post let me show you how to gain back control and reset both passwords.

Assuming we don’t know any password we will need to start with the root, which will then allow you to change the admin password once you have access to the console.

Root password

Let’s start by regaining console access. The procedure is well documented I’ve added just one bonus tip. As a prerequisite, we need console access (vCenter, ESXi…) to the machine.

The journey begins with rebooting the UAG and pressing the “e” key on the Photon OS splash screen.

This will interrupt the boot process and give you access to GRUB, which we will need to modify. We will need to add:

rw init=/bin/bash

Right after “$rootpartition” and delete the rest of the line, so it will look exactly like this:

Then hit F10 or Ctrl-x to boot with the modified settings. You will end up with root shell access.

Here you can use the standard “passwd” command to set a new password for root.

Bonus tip

If your account is locked (because of too many tries) you can unlock it using pam_tally2 command. To check the current status of a user, execute:

pam_tally2 -u root

To unlock it, execute:

pam_tally2 -u root -r

Now you can reboot the appliance and log in with your brand new root password.

Admin password

Because we reset the root password, the admin account will be a piece of cake now. Again the procedure is documented, but the same as before there will be one bonus tip.

You will log in as root and execute “adminpwd” command. That’s it.

Bonus tip

Starting with UAG 3.8, there is a new REST API endpoint, which allows you to check with your monitoring tool of choice the expiration of the admin password.

https://uag.minarik.local:9443/v1/config/adminusers