Data Domain: How to Reset Sysadmin or Security Officer Password
Summary: Data Domain sysadmin/SO password resets no longer require Support intervention when running DDOS (7.10.1.40 or newer). A password reset token is sent to the registered email address. Copy the token to a supported USB drive, insert it into the system, and log in as sysadmin or security officer to reset the password. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Instructions
Data Domain sysadmin or Security Officer (SecOff) accounts requiring a password reset no longer require Tech Support intervention.
Limitations:
- This method of password reset does not apply to DDVE and DDMC; for those, contact Dell Technical Support.
- The DD3300 model does not support this method either as it is a DDVE system.
- DO NOT reset passwords on a DD Highly Available (HA) system in a DEGRADED state.
- Sysadmin and
Secoffaccounts cannot be reset using the Web-UI (DD System Manager) - The recovery email has to be set on a per-user basis. A recovery email must be set for each user before needing the reset.
Prerequisites:
- DDOS version 7.10.1.40 | 7.13.1.10 | 8.3.x… (or later)
- SSH or Serial Console access
- Preset recovery email address (
# user recovery-email set <email address>) - USB-Drive (Any Size: Formatted as
FAT32, ext2, ext3, ext4, MSDOS, and iso9660) - Physical access to the Data domain to insert the USB-Drive
Password Reset Procedure:
- After three failed login attempts using CLI (SSH or Serial Console), the system displays an error: "
Too many authentication failures" and the session is disconnected.
ssh -l sysadmin datadomain (sysadmin@datadomain) Password: <attempt1> (sysadmin@datadomain) Password: <attempt2> (sysadmin@datadomain) Password: <attempt3> Received disconnect from <IP> port 22: Too many authentication failures Disconnected from <IP>
- Immediately RE-ESTABLISH the CLI connection, and the 'reset password' prompt appears; Enter 'Yes' to reset the password when prompted.
# ssh -l sysadmin <datadomain> Data Domain OS (sysadmin@datadomain) Do you want to reset password [ yes | no ] ? yes Password reset token is sent to registered email address: <s****e@somewhere.com>
- An email containing a token file <
recovery_token.txt> is sent to the 'recovery email' account. - Copy the <
recovery_token.txt> file in the email to a USB drive, ensuring the filename remains unchanged. Supported file systems for USB areFAT32, ext2, ext3, ext4, MSDOS, and iso9660. - Insert the USB drive into any available USB port on the affected PowerProtect DD System.
- Log in as sysadmin or security officer to access the PowerProtect DD CLI and follow the prompts to reset the sysadmin or security officer password.
Recovery Example:
USB-Drive plugged in with valid Token file.
# ssh -l sysadmin <datadomain> Data Domain OS Do you want to reset password [ yes | no] ? yes USB drive with valid token is found. (**) Enter new password: Re-enter new password: sysadmin password changed successfully. Please remove USB with token.
(**) If a USB-Drive is NOT inserted (or has an invalid token), then a new Token gets generated by the recovery script (as seen in Step 2.)
NOTE:
- A password reset token is single-use only and is valid for 24 hours.
- A new reset token can be created at any time, if needed (repeat Step 1 in the recovery process)
- The new password should match the password strength criteria.
- If an invalid token is copied to USB, the password reset fails.
- Rebooting the system invalidates any existing token.
- DO NOT reset passwords on a DEGRADED HA system.
- Password recovery does not work as expected if the System Management Service (SMS) is down; a reboot may recover that service.
How to Reset Sysadmin Passwords on Dell PowerProtect Data Domain
Duration: 00:03:12 (hh:mm:ss)
When available, closed caption (subtitles) language settings can be chosen using the CC icon on this video player.
You can also view this video on YouTube.
Additional Information
Related articles:
- Dell PowerProtect Data Domain Info Hub (for DDOS Admin or Command Reference Guides)
- Data Domain: Connecting to the Data Domain System with a Serial Cable
Supplemental content:
The feature must be configured BEFORE the password was lost or forgotten, using the command:
# user recovery-email set <email id> To check if a recovery account is configured: # user recovery-email show Password recovery email address for sysadmin is: someone@somewhere.com
It must be set for each individual user using that command.
Affected Products
Data Domain, DD OSProducts
Data Domain Deduplication Storage Systems, DD OS 7.10, DD OS 7.13, DD OS 8.3Article Properties
Article Number: 000291519
Article Type: How To
Last Modified: 26 يونيو 2026
Version: 10
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.