Reset the password on a Dell EqualLogic SAN

The last few months we where asked several times to reset a password set on the main account for Dell EqualLogic storage, also known as the grpadmin account.

If you really don’t know the password set on the grpadmin but still have physical access to it you can start a recovery procedure to reset the grpadmin account back to the default password: grpadmin.

Important: Because you must power-cycle one group member as part of the password reset procedure, volumes with data stored on that member will be unavailable and active iSCSI connections to those volumes will be lost until the member is restarted. You may want to warn users of any impending offline volumes and iSCSI disconnections before resetting the password.

To temporarily reset the grpadmin account password to the default factory-set password, follow these steps:

1.) On one group member, connect the appropriate serial cable to serial port 0 (the correct cable will be different on different models of the PS Array) on the active control module. The active control module is indicated by the green control module status LED labeled ACT. The status LEDs are located on the controllers sometimes on the left side or next to the serial port on other controllers.

2.) Turn off power to the member (if you have dual power supplies, turn off both power supplies). Volumes with data located on the member will be offline and iSCSI connections to those volumes will be lost until the member is restarted.

3.) If the member has two control modules, after it is shut down, remove the controller that your serial cable is not connected to. This is to ensure that, while you are setting password-recovery mode on one controller, the other controller doesn’t run past us and start the array up.  Controllers just have to be removed a little so they don’t make contact any more to be disabled. (2 cm out is far enough)

4.) Turn on power to the member by turning on all the power supplies.

5.) While the member is restarting, press Ctrl/p when the following message appears on the console: Press Ctrl/p to enter setup mode. This will halt the boot process and allow you to enter commands to the boot monitor.

6.) At the CFE> prompt, enter the following commands, which are case-sensitive and must be typed exactly as shown:

CFE> setenv RESETPASSWORD 1

CFE> reload

7.) When the member restarts, the PeerStorage login prompt appears. After a short pause, the following message should appear: WARNING:Password recovery mode… Temporarily resetting grpadmin password.

If you get the previous message, log in the the group using the grpadmin account and its factory-set password, grpadmin:
Login: grpadmin
Password: grpadmin

At this point, you are logged in to the group with read-write permission and can perform any group administration task. At this point, you should set the grpadmin account password to a known value. Use the procedure described in the Modifying Accounts section in the Group Administration manual or use the following command:

> account select grpadmin passwd

Enter New Password: xxxxxxx

Retype password: xxxxxxx

Note: Unless you set the grpadmin account password within five minutes after the password recovery mode message appears, the grpadmin password will revert back to the value it had prior to the password reset procedure (that is, you will no longer be able to log in with the factory-set password).

However, as long as you remain logged in to the grpadmin account, you can set the password to a known value. If the password recovery mode message does not appear, the password reset procedure did not succeed (for example, because you did not enter the CFE commands exactly as shown). In this case, allow the member to completely start up, and then retry the password reset procedure, shutting down the member and following the steps above.

8.) If the member has two control modules, after logging in to the group and setting the grpadmin password, reinsert the second controller,  this restarts the secondary control module and allows it to be used. Within one minute, you should see a console message, indicating that the secondary control module is operational.

 

 

About

Edwin Weijdema works as an Enterprise Architect at Imtech ICT in the Netherlands. His job is to build bridges between management and the technicians and vice verse. He has many different roles including working as a speaker, trainer, writer, pre-sales consultant, enterprise architect as well as providing risk analysis and responding to concerns and questions posed by his clients. Edwin is a certified VMware VCP 2, 3, 4 & 5, and V(T)SP 3, 4 & 5. In 2010, 2011, 2012, 2013 and 2014 VMware awarded him the VMware vExpert award for blogging and community efforts. In his spare time he likes to relax in a good online game with friends.