Mukesh Chanderia

ACI Multi-Site Orchestrator (MSO) Tshoot - Part 3

Troubleshooting Users


Resetting Local Admin Password


Note: This procedure is only for MSO OVA deployments in VMware ESX. It does not apply to Application Services Engine or Nexus Dashboard deployments.


Steps to Reset the Local Admin Password

  1. Access a Cluster Node:

    • SSH into any one of the cluster nodes using the root user account.

  2. Delete Admin Credentials:

    • Navigate to the scripts directory:


      cd /opt/cisco/msc/builds/<build_version>/bin

    • Run the script to delete admin credentials:


      ./msc_delete_admin.sh

  3. Restart the User Service:

    • Force update the msc_userservice to reset the admin password:


      docker service update --force --detach=false msc_userservice

    • Note: The admin user's password will revert to the default password. Check the Cisco Multi-Site Installation and Upgrade Guide for your specific version to find the default password.


Troubleshooting Cisco ACI Multi-Site External User Authentication


Use the following tips to resolve external user authentication issues.


1. Authentication Method Failed

Steps to Investigate:

  • Verify Provider Configuration Key:

    • Ensure the key specified in the Provider configuration is correct.

  • Check IP Registration:

    • Confirm that the Multi-Site (client) IP address is registered on the remote Cisco ACS server.


2. Invalid User Credentials

Steps to Investigate:

  • Confirm Username:

    • Make sure the username entered on the Multi-Site login screen is correct and matches a username configured on the Cisco ACS server.

  • Confirm Password:

    • Ensure the password entered matches the one configured on the Cisco ACS server.


3. Loading Icon with Authentication Errors

Steps to Investigate:

  • Check Provider Configuration IP:

    • Verify that the IP address in the Provider configuration is correct.

  • Ensure Network Reachability:

    • Confirm that both the Provider and Cisco ACS IP addresses are reachable from the Multi-Site environment.

  • Verify Port and Protocol:

    • Make sure the port and protocol specified in the Provider configuration are correct.

  • Select Correct Authentication Method:

    • Ensure the remote ACS server is set to use the correct authentication method (TACACS+ or RADIUS) under Network Devices and AAA Clients > Authentication Options.

  • Check Shared Secret:

    • Verify that the correct shared secret is provided in the remote ACS server user configuration and that it is not empty.
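The IP, port and protocol checks above can be run from an MSO node before touching the ACS side. The script below is an added example, not part of the original post: the function names and the address 192.0.2.10 are constructed, the default ports (TACACS+ on TCP/49, RADIUS on UDP/1812) are the protocols' well-known values rather than something this page states, and it assumes `bash` and coreutils `timeout` are present on the node.

```shell
#!/bin/sh
# Added example (not from the original post). Run from an MSO node.
# 192.0.2.10 below is a constructed documentation address, not a real server.

default_port() {            # well-known defaults: TACACS+ is TCP/49, RADIUS is UDP/1812
  case "$1" in
    tacacs) echo 49 ;;
    radius) echo 1812 ;;
    *) return 1 ;;
  esac
}

valid_ipv4() (              # subshell body keeps the IFS change local
  case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  IFS=.; set -- $1
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
)

valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

probe_tcp() {               # prints open | timeout | failed
  rc=0
  timeout "$3" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null || rc=$?
  case "$rc" in
    0)   echo open ;;       # handshake completed: IP, port and path are good
    124) echo timeout ;;    # no answer: wrong IP, routing gap, or a filtering firewall
    *)   echo failed ;;     # immediate error: port closed (refused) or no route
  esac
}

check_provider() {          # usage: check_provider <tacacs|radius> <ip> <port> [timeout_s]
  note=""
  expected=$(default_port "$1") || { echo unknown-protocol; return 1; }
  valid_ipv4 "$2" || { echo invalid-ip; return 1; }
  valid_port "$3" || { echo invalid-port; return 1; }
  [ "$3" = "$expected" ] || note=" nonstandard-port"
  if [ "$1" = radius ]; then
    echo "udp-not-probed$note"   # a TCP connect cannot confirm a UDP listener
  else
    echo "$(probe_tcp "$2" "$3" "${4:-3}")$note"
  fi
}

# check_provider tacacs 192.0.2.10 49
```

A `timeout` result matches the endless loading icon (requests are sent but never answered), while `open` means the network path is fine and the remaining items, authentication method and shared secret, are the ones to check on the ACS server.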


4. User Can Log In but Sees No Content or Tabs

Steps to Investigate:

  • Verify Cisco AV Pair and Roles:

    • Ensure that the Cisco AV Pair and user roles are correctly configured for the user on the remote ACS server.


Summary

  • Resetting Admin Password:

    • SSH into a node, delete admin credentials, restart the user service, and use the default password.

  • Troubleshooting Authentication Issues:

    • Authentication Method Failed: Check Provider key and IP registration.

    • Invalid Credentials: Verify username and password accuracy.

    • Loading Errors: Ensure correct IPs, ports, protocols, authentication methods, and shared secrets.

    • UI Issues Post-Login: Confirm Cisco AV Pair and user roles are properly set.


