Dell Unity: Reset the Admin and Service Password by Pressing the NMI Button May Not Work

The user may not know the admin or the service passwords and resetting them by pressing the NMI button does not work for one of them.

Dell Knowledge Base article 22355, Dell Unity: How to change, unlock, or reset the admin or service passwords (User Correctable).

Observations:

• User has pressed the NMI button on both SPA and SPB, but still cannot log in using the default admin or service passwords.
• Either the admin password or the service password is found to reset with the NMI reset procedure but not both.
• If the STIG banner is not disabled when the admin password is entered at the Unisphere login screen, it displays the first STIG banner again. The banner must be disabled using svc_banner -d in order to see the admin password reset fail to log in Unisphere. The banner should not be disabled unless necessary as it can be resolved with engineering assistance.
• With the STIG banner disabled, attempting to log in to Unisphere with the admin password from an NMI reset still gives the error: "The username or password you entered is incorrect. Please try again."
• The same error above is also seen when using a command from the sshcli that requires the admin password.

When user/account/settings is enabled, the "Password Minimum Size" by default is 15. It could be a bigger number if the user has ever changed it. The current NMI reset procedure uses a fake Password before resetting to the default password. This fake Password is not long enough to meet the STIG "Password Minimum Size" requirement. In this case, the NMI reset fails.

Addressing the NMI issue is handled differently depending on whether or not it is the Service password or the Admin password that must be reset.

Use case #1: Service password NMI reset is not working.

Do the following to allow the NMI process to work if the service user password reset is not working:

1. Disable the /user/account/settings on the primary SP before pressing the NMI button. This could work using admin role or security administrator role users.

uemcli -no -d <Unity_IP> -u admin -p <password> /user/account/settings set -enabled no

Or

uemcli -no -d <Unity_IP> -u <security administrator role user> -p <password> /user/account/settings set -enabled no

2. Press the NMI button on the primary SP to reset the passwords of both admin and service users.
   For STIG requirements, the user must set the "Password Minimum Size" to the value they want in /user/account/settings later.

Use case #2: Admin password NMI reset is not working.

Resolution:
Dell is adding an enhancement to a future Unity OE release. The enhancement allows the NMI reset procedure to work by resetting the "Password minimum size" to 8. This is the default value without the /user/account/settings enabled. Watch this knowledge base article for more details.

Workaround:
If the user forgets the admin password and does not have any security administrator role users, escalate to Dell Technical Support. This is to request a "customized admin password reset tool" based on the minimum password length requirement and OE code level in use.

Contact Dell Technical Support or your Authorized Service Provider and quote this knowledge base article ID for further assistance.

If the STIG default banner seen before login is disabled during troubleshooting when using svc_banner -d, the banner must be added back using Custom Banner procedure.

Go to Dell Support Unity Family Product Page, and review the document Service Commands Technical Notes found in the Administration tab.

/etc/motd typically contains a copy of the STIG default banner. The contents can be copied to the en_US.txt file which is used to add the STIG banner content. Typically there are two banners for STIG depending on whether Category 1 or Category 2 STIG is enabled.