000032630 - How to reset or restore the default password for RSA Security Analytics IM

Document created by RSA Customer Support Employee on Jun 30, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000032630
Applies To:
RSA Product Set: Security Analytics
RSA Product/Service Type: SA Security Analytics Server
RSA Version/Condition:
Platform: CentOS
Platform (Other): MongoDB
O/S Version: EL6
Issue
The Incident Management password was changed, and Incident Management now will not start because of the mismatch in passwords.
The default password is <im>
Resolution
The following steps guide the user through changing the Incident Management (IM) database account password when the current password is not known.
  1. Connect to the ESA appliance via SSH as the root user.
  2. Log on to the MongoDB database for Incident Management as the root user by issuing the command below.
    [root@SA-Server /]# mongo im
    TokuMX mongo shell v1.4.2-mongodb-2.4.10
    connecting to: im
  3. Remove the existing im user.
    > db.removeUser('im')
  4. Now that the user has been removed, add it back with its default password of <im>.
    > db.getSiblingDB('im').addUser( { user: "im", pwd: "im", roles: ["readWrite", "dbAdmin"]} )
  5. Exit the mongo shell.
  6. Log in to SA and make sure that the password is the same under Administration > Services > Explore > Incident Management > Service > Configure > Database. You can force the password to be IM in this field.

  Example for Mongo Commands:
> db.getSiblingDB('im').addUser( { user: "im", pwd: "im", roles: ["readWrite", "dbAdmin"]} )
        "user" : "im",
        "pwd" : "0458201d5db7c425a30911f60933d6ff",
        "roles" : [
        "_id" : ObjectId("56cf634225dfaeb2ba6a6013")
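
An added example, not part of the RSA article: MongoDB 2.4, on which this TokuMX shell is based, stores the "pwd" value as the hex MD5 of user:mongo:password, so the hash returned by addUser can be checked offline against the password configured in SA, and an account still on the default can be identified for rotation. The function names and the sample documents are constructed for illustration.

```python
import hashlib
import hmac


def mongodb_cr_digest(user, password):
    """Value MongoDB 2.4 (MONGODB-CR) keeps in the "pwd" field of system.users."""
    return hashlib.md5(f"{user}:mongo:{password}".encode("utf-8")).hexdigest()


def password_matches(user_doc, candidate):
    """True if the stored digest in user_doc corresponds to the candidate password."""
    expected = mongodb_cr_digest(user_doc["user"], candidate)
    stored = str(user_doc.get("pwd", "")).lower()
    return hmac.compare_digest(expected, stored)


def audit(user_docs, configured_password, vendor_default="im"):
    """Per account: does the hash agree with the password configured in SA,
    and is the account still on the vendor default?"""
    return [
        {
            "user": doc["user"],
            "matches_configured": password_matches(doc, configured_password),
            "is_vendor_default": password_matches(doc, vendor_default),
        }
        for doc in user_docs
    ]


# Constructed sample documents (not real exports): one account on the default
# password, one rotated to a made-up value.
SAMPLE_USERS = [
    {"user": "im", "pwd": mongodb_cr_digest("im", "im")},
    {"user": "im", "pwd": mongodb_cr_digest("im", "Rotated-Example-1")},
]
# Document carrying the "pwd" value printed in the article's example output;
# its result is computed at run time, not assumed.
ARTICLE_DOC = {"user": "im", "pwd": "0458201d5db7c425a30911f60933d6ff"}

if __name__ == "__main__":
    for finding in audit(SAMPLE_USERS + [ARTICLE_DOC], configured_password="im"):
        print(finding)
```

A "matches_configured" value of False for the im account is the mismatch that prevents Incident Management from starting.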