Let’s face it, sometimes we just forget passwords, or something mysterious happens and the password magically changes whilst you’re asleep – yeah, that’s totally what happened here…

I booted up my FMCv in the lab I run on my home PC and tried to log into the CLI but..

Login Incorrect ..what?

Login Incorrect ..erm

Login Incorrect ..

Agh! I’d lost access to the FMC! I swear it’s the right password, I use no other in my lab environments. I was dreading the thought of having to start all over again and format the FMC, but luckily I learnt there is an easy method to reset the default Admin password!

You will need a console/KVM connection onto the FMC in order to reset the password on a physical appliance. This was performed using a virtual FMC instance running 6.3.0 on VMware Workstation 15, using the built-in console.

Note for production environments, this does involve downtime of the FMC (which I’ve never found to be an issue as it does not affect FTD traffic).

The below process is for resetting the CLI Admin password (the web Admin password is NOT the same account). To see how to reset the web Admin password, go to the bottom of this article.

Once you are at the console, reboot the FMC. You will then see a red LILO boot menu. Press any key to interrupt the boot sequence. At the prompt, type the version of the FMC (6.3.0 in my case) followed by ‘single’ and hit return.

Once the FMC boots up into single user mode you should see the # prompt. Type passwd admin to bring up the reset password prompt for the Admin user. Enter a new password and then again for confirmation. As this is my lab, I am using a basic password of ‘cisco’ (see, how could I forget that!). I will receive an ERROR stating the password is BAD because it does not meet complexity requirements…

Yes.. it is a bad password, but the FMC will accept it anyway (at least in my version). You should always use secure passwords, definitely in production environments, but I don’t have to tell you that.

Once your new password is set, you must then reboot the FMC again. Let it boot normally this time and do not interrupt it like you did previously. Once at the login prompt, you should be able to log in using the newly set password.

To reset the web Admin password, you must first gain Admin access to the shell (remember, it’s a separate account).

At the prompt, enter sudo usertool.pl -p 'admin password' (where password is the new password). Type the quotes as plain straight single quotes.

Note: you may have to enter expert mode first by typing ‘expert’, depending on the version of FMC you are working with.

Now go back to the web GUI and log in using your new password. This time, don’t forget it 🙂


2 Comments

Trey · November 27, 2019 at 11:09 am

Minor steps are missing.
Please modify the instruction for Web recovery.
User must activate EXPERT mode after logging in through the CLI. Followed up with your instruction above.

Cheers,

    Tom · November 27, 2019 at 11:38 am

    Hi Trey,

    Thanks for noting this, I never had to do that in my example but I have updated the article. Perhaps this is a version thing, as I have logged into a physical 2100 FMC and I do not need to enter Expert mode in order to reset the web password (v6.2.2).

    Thanks again
