The two root passwords on an Avamar system are the OS root password (default: changeme) and what's called the DPN root password (default: 8RttoTriz) which is the application's superuser password.
To change either of these passwords, use the change-passwords utility on the utility node. You will be prompted about which passwords you wish to change.
Assuming the system has been configured according to best practice, you shouldn't need to make further changes following the password change.
I have "inherited" this system, so I start by assuming that it is NOT configured to best practice as I have found that since my company has SO many security checks and restrictions it was set up to work in this environment and not an ideal world. I have also learned that when it was set up there were tasks that were supposed to be done by my predecessors but instead of completing them they said good enough and left them to be discovered later.
With that said, what other changes should I anticipate needing to make once the password has been changed on the utility node for the DPN root account? I found an old Avamar 6 discussion that said the proxies would need to be updated, is that still true? If so, how as I found several ways to do it, but did not know if that would still work in Avamar 7.5.1.
The only thing that might break that I can think of off the top of my head would be replication. In very, very old Avamar releases (5.x and older), the root account was used for replication but this hasn't been the case for a long time.
The VMware Image proxy implementation has changed dramatically since 6.x. We no longer store credentials locally on the proxies.
In the logs I see Root with Product of MCS and Root with Product of SCC, which is which? Which one is OS and which is DPN?
In which logs, sorry? If the product is "MCS", that's going to be the DPN root password but I'd need more context to tell you what SCC might mean.
You will have to change the password on each system independently. Replication does not replicate password changes*.
* Except if these systems are configured for root-to-root replication which they are almost certainly not. If you can log into the GUI on the replication target, you are not doing root-to-root.
I am looking in the Audit Logs, that is where I am seeing root as the user and the product is either MCS or SCC.
The SCC product is usually in conjunction with Operation = Edit, Summary = Client was Updated and domain is /clients/proxy. I am taking a wild guess this is a VM backup where the snapshot is attached to the proxy for the backup?
ionthegeek
2 Intern
•
2K Posts
0
July 24th, 2018 11:00
The two root passwords on an Avamar system are the OS root password (default: changeme) and what's called the DPN root password (default: 8RttoTriz) which is the application's superuser password.
To change either of these passwords, use the change-passwords utility on the utility node. You will be prompted about which passwords you wish to change.
Assuming the system has been configured according to best practice, you shouldn't need to make further changes following the password change.
PastorMike1
1 Rookie
•
34 Posts
0
July 24th, 2018 12:00
Hi Ian,
I have "inherited" this system, so I start by assuming that it is NOT configured to best practice as I have found that since my company has SO many security checks and restrictions it was set up to work in this environment and not an ideal world. I have also learned that when it was set up there were tasks that were supposed to be done by my predecessors but instead of completing them they said good enough and left them to be discovered later.
With that said, what other changes should I anticipate needing to make once the password has been changed on the utility node for the DPN root account? I found an old Avamar 6 discussion that said the proxies would need to be updated, is that still true? If so, how
as I found several ways to do it, but did not know if that would still work in Avamar 7.5.1.
Thank you,
-Mike
ionthegeek
2 Intern
•
2K Posts
1
July 25th, 2018 08:00
The only thing that might break that I can think of off the top of my head would be replication. In very, very old Avamar releases (5.x and older), the root account was used for replication but this hasn't been the case for a long time.
The VMware Image proxy implementation has changed dramatically since 6.x. We no longer store credentials locally on the proxies.
PastorMike1
1 Rookie
•
34 Posts
0
July 25th, 2018 13:00
One more question I hope is quick...
In the logs I see Root with Product of MCS and Root with Product of SCC, which is which? Which one is OS and which is DPN?
Thank you,
-Mike
PastorMike1
1 Rookie
•
34 Posts
0
July 25th, 2018 14:00
Speaking of Replication, do I need to change the password on each system, or changing it on one does that replicate to the other system?
Thank you,
-Mike
ionthegeek
2 Intern
•
2K Posts
1
July 26th, 2018 10:00
In which logs, sorry? If the product is "MCS", that's going to be the DPN root password but I'd need more context to tell you what SCC might mean.
You will have to change the password on each system independently. Replication does not replicate password changes*.
* Except if these systems are configured for root-to-root replication which they are almost certainly not. If you can log into the GUI on the replication target, you are not doing root-to-root.
PastorMike1
1 Rookie
•
34 Posts
0
July 26th, 2018 10:00
Hi Ian,
I am looking in the Audit Logs, that is where I am seeing root as the user and the product is either MCS or SCC.
The SCC product is usually in conjunction with Operation = Edit, Summary = Client was Updated and domain is /clients/proxy. I am taking a wild guess this is a VM backup where the snapshot is attached to the proxy for the backup?
Thank you!
-Mike