Recover Admin Access

Overview

This article describes how to regain admin access to the Web Administration Console when all available admin accounts are locked. By logging in via ‘Shipping’ mode, the user can then set the Database back to their production database, retaining all the user accounts and configuration information.

Ensure that all steps are followed, especially the restart of Tomcat, and investigating why the expected user could not login and resolving that issue.

Prerequisites

  • Swivel is running and a Web Administration login screen is accessible via web browser

  • Access credentials to the Administration Console

  • Brief scheduled downtime during recovery process (30-60 seconds outage)

Symptoms

Cannot login to the Swivel admin console through any admin accounts.

Solution

Warning

While you are carrying out this procedure, no one will be able to log on to any device using Swivel authentication until the procedure is completed. Also, do not carry out a User Sync until the database has been reset back to its correct value. Be aware that the repository may be set to automatically synchronise.

Required Steps

The following steps need to be performed:

  1. Login to the appliance (Linux) admin console

  2. Select ‘Appliance’

  3. Select ‘Set Database to Shipping’

    _images/RecoverAccessCMI.png

  4. Enter ‘Y’ to confirm resetting Swivel DB to shipping.

  5. Restart Tomcat

  6. Login to the Swivel Web Administration console with the following ‘Shipping’ default credentials:

    • Username: admin

    • Password:

    • PIN: 1234

  7. Important: Set the database back to the required database under Database -> General (usually Appliance Database), then click Apply.

  8. Check to see why the required user cannot login: Ensure a user with administrator rights exists, and the PIN number is known, the account is unlocked. If no password is set, ensure the password is blank by setting a blank password.

  9. Verify login from another PC, or browser. Check Swivel logs if any errors occur.

Verifying Login

Before logging out of the Swivel server, verify login from another PC or web browser. If you still have login issues, check the Log Viewer from the logged in session gained from shipping database mode.

Why did the login fail?

To stop it happening again investigate why the login for the user failed.

Check the Swivel logs

The Swivel logs on ALL Swivel instances can reveal why the login failed. Search the logs for the username to reveal the following:

  • Was the account locked?

  • Was the OTC used incorrect?

  • Did the user have permissions to login as an administrative user?

  • Someone else failing to login as that user?

  • Are there failed login attempts?

  • Was PIN expiry set? (See PIN Expiry How to Guide)

  • Was Change PIN on first login set?

Does an Administrative user exist?

Check the User Administration to see if the Administrative user or helpdesk permissions are set.

Reset the user’s PIN

Did the user receive a PIN number when the account was created? If not, one should be entered manually.

Is there a Swivel password set for the Administrative user?

If there is a Swivel password, it must be used. If none is expected to be used, click on ‘Reset Password’, leave the fields blank, then click apply. This will remove an incorrectly entered password. Was the AD password being entered? (Do not use the AD password on the admin console).

Is the database set correctly?

The database should be set to a required type such as Appliance Database (default), MySQL, MS SQL, or Oracle.

Troubleshooting

The Swivel config.xml is missing

Changes to the CMI require a restart of the console session. Logout and log back in again and reselect the option to set to shipping.

The Swivel DB is currently set to Shipping

The database is set to shipping, restart Tomcat.

Set DB to shipping not selected

Ensure that the DB is set to shipping. Verify by selecting the option again; a message will indicate it is in shipping mode.

Tomcat not restarted

Tomcat requires a restart, ensure it has been restarted.

After setting the production database back login still fails

Setting to shipping mode only allows a login. After the production database is set, the root cause of the login failure must be resolved. Check the Swivel logs to get an indication of why it failed. Reset the PIN, Reset the Password (leave blank on reset), check the Status page for locked or disabled accounts.