1 Rookie
•
19 Posts
0
5636
VNX5300: Security is not initialized
Hello,
I'm unable to connect VNX5300 via GUI (USM/SP) using sysadmin account while ssh to CS using root is fine. Apparently naviseccli can talk to spa/spb.
As you can see below the spa/spb complains that security is not initalized. If I try to create a new administrator user (ie: sysadmin2) it says that credential on control station is invalid.
Any help or suggestion to fix this is really appreciated!
(also https://[spa|spb]/setup reports "Domain Security Uninitialized - Please initialize the security using Unisphere or Naviseccli")
Thank you, Andrea
[nasadmin@emc2-cs0 ~]$ naviseccli -h spa getagent
Agent Rev: 7.32.33 (9.2)
Name: K10
Desc:
Node: A-CKM00122601488
Physical Node: K10
Signature: 3244558
Peer Signature: 3244576
Revision: 05.32.000.5.249
SCSI Id: 0
Model: VNX5300
Model Type: Rackmount
Prom Rev: 7.20.00
SP Memory: 8192
Serial No: CKM00122601488
SP Identifier: A
Cabinet: DPE8
[nasadmin@emc2-cs0 ~]$ naviseccli -h spa security -list
Security is not initialized. Add a global administrator to initialize security.
[nasadmin@emc2-cs0 ~]$
[nasadmin@emc2-cs0 ~]$ naviseccli -h spa security -adduser -user sysadmin2 -password sysadmin2 -scope global -role administrator -type system
WARNING: You are about to add user: sysadmin2
Proceed?(y/n) y
Add user operation failed. The internal credential to the Control Station is invalid.
Log in to the Control Station as root and run /nas/http/bin/set_passphrase IP_SP
[nasadmin@emc2-cs0 ~]$
[nasadmin@emc2-cs0 ~]$
[nasadmin@emc2-cs0 ~]$ su
Password:
[root@emc2-cs0 nasadmin]#
[root@emc2-cs0 nasadmin]# /nas/http/bin/set_passphrase 10.58.11.198
/nas/sbin/classic_navicli -np -h 10.58.11.198 getagent 2>&1
Error returned from Agent
Agent denied request -- Caller not privileged.
/nas/sbin/classic_navicli [-p] [-v|q] [-m] [-np] [-t timeout] [-h hostname]
[-d device] [-help] [-f filename] CMD
Possible commands are:
alpa arrayname arraycommpath bind baseuuid
cachecard chglun chgrg clearlog clearstats
createrg emconfiguration failovermode
flashleds firmware getagent getall getarrayuid
getatf getcache getconfig
getcontrol getcrus getdisk getlog getloop
getlun getresume getrg getsniffer getsp
getsptime initializearray inserttestevent luncache
lunmapinfo managedby managefiles mirrorview ndu
networkadmin port r3wrbuff readcru readlun
rebootSP register removerg reserved responsetest
remoteconfig sancopy setcache SC_OFF setloop
setraid5 setsniffer setspstime setsptime setstats
shutdown snapview storagegroup systemtype spcollect
spportspeed trespass unbind unitserialnumber
upload setfeature
Too few or invalid command line parameters
Unable to set passphrase.
[root@emc2-cs0 nasadmin]#
abuzzi
1 Rookie
1 Rookie
•
19 Posts
0
August 19th, 2019 03:00
Hello,
in order to initialize security I had to connect to SPA via console cable.
Here instructions to be followed:
[1] cable needed: 038-003-084 EMC Null Modem Micro DB9 to DB9/F Serial Cable – 25 Feet
[2] Plug the serial cable into the service port on Storage Processor A. Set up a serial PPP VPN on a Windows laptop using 115200, 8, n, 1. Username is clariion, password is clariion! - Doesn't matter what you put for the phone number.
[3] After the PPP dialup has been created in Networking close out of that wizard and navigate to: %appdata%\Microsoft\Network\Connections\Pbk
Edit the rasphone.pbx file in notepad
Change Type=1 to Type=3
Dial with login clariion/clariion!
[4] point a web browser to 192.168.1.1/setup. Scroll down until you see a button that says Reset Domain Security. Click this and OK to the pop-ups. Note that this is **not** disruptive to array operations - you can do this anytime. Repeat for Storage Processor B. Now disconnect your serial cable, fire up your Unisphere session and you'll be prompted to create a new administrator user and password. Done!
Thx,
Andrea
DELL-Sam L
Moderator
Moderator
•
6.9K Posts
0
August 7th, 2019 09:00
Hello Andrea,
Here is the link to Domain Management with EMC Unisphere for VNX. If you look on page 9-11 it explains how to configure the users as well as how to configure the domain in unisphere.
www.emc.com/collateral/white-papers/h8853-domain-management-wp.pdf
Please let us know if you have any other questions.
abuzzi
1 Rookie
1 Rookie
•
19 Posts
0
August 7th, 2019 11:00
Hello Sam,
I tried to make spb (10.58.11.199) a master node but still get the "security must be initialized before any domain operation". Then I tried to create an global administrator user on both spa (.198) and spb (.199) with no luck.
Let me know anything you like me to test out.
Thank you, Andrea
[nasadmin@emc2-cs0 bin]$ naviseccli -h 10.58.11.198 domain -setmaster 10.58.11.199
Security is not initialized. Security must be initialized before any domain operations can be performed in this system. Create a global administrator to initialize security.
[nasadmin@emc2-cs0 bin]$
[nasadmin@emc2-cs0 bin]$ naviseccli -h 10.58.11.198 domain -remove 10.58.11.199
Security is not initialized. Security must be initialized before any domain operations can be performed in this system. Create a global administrator to initialize security.
[nasadmin@emc2-cs0 bin]$
[nasadmin@emc2-cs0 bin]$ naviseccli -h 10.58.11.198 security -adduser -user sysadmin2 -password sysadmin2 -scope global -role administrator -type system
WARNING: You are about to add user: sysadmin2
Proceed?(y/n) y
Add user operation failed. The internal credential to the Control Station is invalid.
Log in to the Control Station as root and run /nas/http/bin/set_passphrase IP_SP
[nasadmin@emc2-cs0 bin]$
[nasadmin@emc2-cs0 bin]$ naviseccli -h 10.58.11.199 security -adduser -user sysadmin2 -password sysadmin2 -scope global -role administrator -type system
WARNING: You are about to add user: sysadmin2
Proceed?(y/n) y
Add user operation failed. The internal credential to the Control Station is invalid.
Log in to the Control Station as root and run /nas/http/bin/set_passphrase IP_SP
[nasadmin@emc2-cs0 bin]$
youconscience
5 Posts
0
July 22nd, 2022 22:00
I connected from PCAnywhere, and find path %appdata%\Microsoft\Network\Connections\Pbk, but don´t exist.
In internal explorer I tried open https://[spa|spb]/setup.. and i had same error
the bottom "Reset Domain Security" i dont see it
DELL-Josh Cr
Moderator
Moderator
•
8.5K Posts
0
July 25th, 2022 07:00
Hi,
Thanks for your question about resetting security. Did it give any errors while doing the steps from CLI that were previously posted?
Let us know if you have any additional questions.