000026415 - How to reset a super administrator or Operations Console user name and password in Authentication Manager 7.1

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000026415
Applies ToRSA Product Set:  SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition:  7.1
IssueThis article provides steps on how to reset the super administrator password in Authentication Manager 7.1.
A lost super admin user ID or password can be rectified by creating a temporary administration account using the program rsautils.cmd. You can leverage this login temporarily to reset your existing accounts.  This will require knowledge of the master password to perform these steps.
 
Resolution
  • For Authentication Manager 7.1 installed on a Windows server, launch the command line from the primary Authentication Manager server.
  • For Authentication Manager running on an RSA SecurID Appliance 3.0, launch an SSH session to the primary Authentication Manager server, login as the emcsrv user then sudo to the rsaadmin user (sudo su - rsaadmin).  The directory path will be /usr/local/RSASecurity/RSAAuthenticationManager/utils.
  • For Authentication Manager running on an RSA SecurID Appliance 3.0 or on a Unix server, prepend ./ to the rsautil commands shown here.  For example, ./rsautil restore-admin -u tempAdmin -p <password>.

Reset Security Console password


  1. Launch the command line from the primary Authentication Manager server.
  2. If installed in the default directory, navigate to C:\Program Files\RSA Security\RSA Authentication Manager\utils. If installed on another drive/directory path, navigate to that directory.
  3. Run the following command:
 C:\Program Files\RSA Security\RSA Authentication Manager\utils> rsautil.cmd restore-admin -u tempAdmin -p <password>

  1. When prompted, enter the master password A user named tempAdmin will be created with the password you set as the <password> value. Login to the RSA Security Console to reset your existing accounts.
  2. The tempAdmin user is only valid for 24 hours.
  3. The password you provide when creating this Super Admin is not validated by the default password policy. RSA recommends that you create a password that conforms to the default password policy when you use this utility.

In addition, the Super Admin restoration utility also resets the Operations Console password policy to LDAP_Password/RSA Password. In order for this change to take effect, use the Operations Console to flush the cache.


  1. Login to the Operations Console.
  2. Click Maintenance > Flush Cache.
  3. Click Flush to flush all cache objects.

Reset the Operations Console password


  1. If installed in the default directory, navigate to C:\Program Files\RSA Security\RSA Authentication Manager\utils. If installed on another drive/directory path, navigate to that directory.
  2. Run the following command to list all Operations Console administrators
C:\Program Files\RSA Security\RSA Authentication Manager\utils> rsautil manage-oc-administrators -a list

  1. Once you have the name of the Operations Console administrator that needs a password update, run the following command:
C:\Program Files\RSA Security\RSA Authentication Manager\utils> rsautil.cmd manage-oc-administrators -a update

  1. You will be prompted for a super admin user name and password. This can be a Security Console user admin name and password.
  2. You will then be prompted for the Operations Console admin name for which the password needs to be updated.
  3. Make the password change
  4. Login to RSA Operations Console.
Legacy Article IDa42454

Attachments

    Outcomes