For the purpose of emergency recovery, ESXi host root passwords are encrypted with a strong key derived from the user-provided passcode and forwarded to the Syslog server for inclusion in the asc.log file.
Important: We recommend that you export all log files to a SIEM or syslog tool to ensure that the RPV logs and hashes are exported and not stored in CloudControl.
Deploy a new CloudControl using the OVA file. The new CloudControl must be the same version and build number as the CloudControl that failed.
Power on the new CloudControl and log in as ascadminuser with the password Pa$$w0rd123!.
Assign new credentials to the local CloudControl administrator account (ascadminuser). For more information, see Changing the ascadminuser Password.
Obtain the passcode that was assigned when Root Password Vaulting was initially configured in CloudControl:
Obtain a copy of the CloudControl logs covering the last 15 days of events if the RPV settings are set to the default of 5 days (3 cycles).
Note: If the RPV settings are set to 30 days, we recommend obtaining 3 log cycles (3 x 30 = 90 days of RPV hashes).
Locate the hex strings of the encrypted username and password in the logs for each host whose password needs to be recovered (addresses and hashes vary between hosts).
Filter the syslog for entries with the description "Update root account". The syslog output is in the following format (one line per host):
Update root account: host <IP address> to <32-bit hash A> - <64-bit hash B>
Retrieve hash A and hash B for each host from these lines; they are the values the recovery command uses.
In the CloudControl console instance that you opened in Step 2, enter the following command to recover the root password:
recoverpassword -k <'passcode'> -u <32-bit hash A> -p <64-bit hash B>
If the RPV algorithm has changed since the passwords were vaulted, you can also add the -a <algorithmValue> option.
Example: recoverpassword -k 'Test@1234' -u 84373E3E37A739F3B807D50AB1CE003D -p B315DF3AB5730F2276E00DF529A19454F3BDCF89346E1E6BA8EFEDB78827D44B -a 3
Note: To avoid the Unix shell misinterpreting or ignoring special characters, enclose the passcode in single quotes at the command line.
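As an added helper that is not part of the original documentation, the following script pulls the "Update root account" lines out of an exported syslog, keeps only the most recent hash pair per host (several rotations appear across the 3 log cycles), checks that hash A and hash B have the 32- and 64-hex-character lengths shown in the example above, and assembles the recoverpassword command with the passcode always single-quoted. The syslog lines and hashes are constructed sample data; the line prefix before "Update root account" is an assumption and is not matched strictly.

```python
import re

# Constructed sample syslog export (not from the original page). The hex
# values are made up; the second entry for 10.0.0.11 is a later rotation.
SAMPLE_SYSLOG = """\
Jan 01 10:00:00 cloudcontrol asc: Update root account: host 10.0.0.11 to 0123456789ABCDEF0123456789ABCDEF - 00112233445566778899AABBCCDDEEFF00112233445566778899AABBCCDDEEFF
Jan 01 10:00:01 cloudcontrol asc: Update root account: host 10.0.0.12 to FEDCBA9876543210FEDCBA9876543210 - FFEEDDCCBBAA99887766554433221100FFEEDDCCBBAA99887766554433221100
Jan 06 10:00:00 cloudcontrol asc: Update root account: host 10.0.0.11 to 11111111111111111111111111111111 - 2222222222222222222222222222222222222222222222222222222222222222
Jan 06 10:00:02 cloudcontrol asc: unrelated event, ignored by the filter
"""

# Format from the page: "Update root account: host <IP> to <hash A> - <hash B>".
# Hash A is 32 hex characters and hash B is 64, matching the page's example;
# anything that does not fit is skipped rather than fed to recoverpassword.
RPV_LINE = re.compile(
    r"Update root account: host (?P<host>\d{1,3}(?:\.\d{1,3}){3}) to "
    r"(?P<hash_a>[0-9A-Fa-f]{32}) - (?P<hash_b>[0-9A-Fa-f]{64})\b"
)


def latest_rpv_entries(syslog_text):
    """Return {host: (hash_a, hash_b)}, keeping the last entry seen per host.

    The export is processed in file order, so a later rotation of the same
    host's root password overrides the earlier pair.
    """
    entries = {}
    for line in syslog_text.splitlines():
        m = RPV_LINE.search(line)
        if m:
            entries[m.group("host")] = (m.group("hash_a").upper(), m.group("hash_b").upper())
    return entries


def single_quote(value):
    """Always wrap in single quotes, escaping any single quote inside the value."""
    return "'" + value.replace("'", "'\"'\"'") + "'"


def recover_command(passcode, hash_a, hash_b, algorithm=None):
    """Build the recoverpassword command line for one host (hashes are plain hex)."""
    cmd = ["recoverpassword", "-k", single_quote(passcode), "-u", hash_a, "-p", hash_b]
    if algorithm is not None:  # only needed if the RPV algorithm changed
        cmd += ["-a", str(algorithm)]
    return " ".join(cmd)


if __name__ == "__main__":
    for host, (a, b) in sorted(latest_rpv_entries(SAMPLE_SYSLOG).items()):
        print(host, recover_command("Test@1234", a, b, algorithm=3))
```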