Netscaler MAS root password reset
Follow the steps below when running NMAS on Hyper-V:
- Access NetScaler MAS through the Hyper-V Manager console.
- Restart NetScaler MAS.
- Interrupt the boot sequence at the point where it says press Ctrl-C at the bootloader (shortly after the message “Loading /boot/defaults/loader.conf”).
- To start the VM kernel in single user mode, run the following command at the OK prompt: boot -s
- After the appliance boots in single user mode, it displays the following message: Enter full path of shell or RETURN for /bin/sh: Press the ENTER key to reach the shell prompt.
- Mount the flash partition using the following command: mount /dev/ad0s1a /flash
- Delete the master.passwd file: rm /flash/mpsconfig/master.passwd
- Delete /etc/passwd: rm -rf /etc/passwd
- Create a new file using the following command: touch /flash/mpsconfig/.recover
- Run the following command: reboot
- Log on with nsrecover/nsroot
Follow a similar approach when running Netscaler MAS on other Hypervisors, as per Citrix support article: https://support.citrix.com/article/CTX232550
Netscaler ADC root password reset
The nsroot account provides complete access to all features of the appliance. Therefore, to preserve security, the nsroot account should be used only when necessary, and only individuals whose duties require full access should know the password for the nsroot account. Frequently changing the nsroot password is advisable. If you lose the password, you can reset it to the default and then change it.
Important! To avoid any unwanted HA failover due to reboot, it is recommended to set STAY PRIMARY on primary node and STAY SECONDARY on secondary node.
To reset the nsroot password, you must boot the appliance into single user mode, mount the file systems in read/write mode, and remove the set system user nsroot entry from the ns.conf file. You can then reboot, log on with the default password, and choose a new password.
Note: Refer to the transcript in the Additional Resources section for the complete list of various commands run on the appliance and their respective output.
To recover the password from a NetScaler appliance, complete the following procedure:
- Attach a console cable to the Serial Console (9600 baud, 8 bits, 1 stop bit, No parity) of the NetScaler appliance.
  If you are using NetScaler VPX, access NetScaler through the console using XenCenter or vSphere.
- Restart the NetScaler appliance.
- Press the Ctrl + C keys simultaneously when the following message is displayed:
  Press [Ctrl-C] for command prompt, or any other key to boot immediately.
  Booting [kernel] in # seconds.
- To start the appliance kernel in single user mode, run the following command:
  boot -s
  Note: If boot -s does not work, then try reboot -- -s and the appliance reboots in single user mode.
  After the appliance boots, it displays the following message:
  Enter full path name of shell or RETURN for /bin/sh:
- Press the ENTER key to display the # prompt, and run the following command to verify the /flash drive consistency:
  /sbin/fsck /dev/ad0s1a
  Notes:
  - Refer to CTX122687 – How to Mount the Flash Drive by Using an Appropriate Device Name on a NetScaler Appliance to verify the device name assigned to the flash drive of the appliance model and replace ad0s1a in the preceding command with the appropriate device name. For NetScaler VPX on VMware, the disk uses SCSI emulation. Therefore, the device name of the flash drive is da0s1a.
  - If the above command does not work (displays “Could not determine filesystem type”), use /sbin/fsck_ufs instead of /sbin/fsck.
- Run the following command to display the mounted partitions:
  df
- Run the following command to mount the flash drive (again, substituting the proper device name, as determined above, for ad0s1a):
  /sbin/mount /dev/ad0s1a /flash
  If the preceding command fails to mount the flash drive, then run the following command to create the flash directory and then run the preceding command again to mount the drive:
  mkdir /flash
  Note: For NetScaler VPX on VMware, the disk uses SCSI emulation. Therefore, the device name of the flash drive is da0s1a.
- Run the following command to change to the nsconfig directory:
  cd /flash/nsconfig
- Run the following set of commands to rewrite the “ns.conf” file and remove the set of system commands defaulting to the nsroot user:
  - Run the following command to create a new configuration file that does not have commands defaulting to the nsroot user:
    grep -v "set system user nsroot" ns.conf > new.conf
  - Run a command similar to the following command to make a backup of the existing configuration file:
    mv ns.conf old.ns.conf
  - Run the following command to rename the “new.conf” file to “ns.conf”:
    mv new.conf ns.conf
- Run the following command to restart the appliance:
  reboot
- Log on to the appliance using the default nsroot user credentials.
- Run the following command to reset the nsroot user password of your choice:
  set system user nsroot <New_Password>
If the above steps do not work while remounting the /flash and /var drives, follow the steps below.
Steps to perform a file system check and mount /flash and /var respectively.
The commands below were successful on MPX 5650.
1. To check /flash, and mount it if it is not present when executing df -h:
- To check flash, use the command below:
  fsck_ufs -y /dev/ad4s1a
- To mount the flash drive, use the command below:
  mount /dev/ad4s1a /flash
2. To check /var, and mount it if it is not present when executing df -h:
- To check /var, use the command below:
  fsck_ufs -y /dev/ad4s1e
- To mount /var, use the command below:
  mount /dev/ad4s1e /var
More details on the step-by-step process can be found at https://support.citrix.com/article/CTX109006
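The ns.conf rewrite from the ADC procedure above (the grep -v and mv steps) as a shell function, added here as an example and not taken from the Citrix article: it anchors the match so a user such as nsroot2 is left alone, and swaps the files only when exactly the matched lines were removed. The function names, the nsroot2 user and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Citrix tooling: function names and sample data are made up.

# Anchored pattern: matches the nsroot entry only, not a user named "nsroot2",
# which the plain substring match in the steps above would also drop.
NSROOT_RE='^set system user nsroot( |$)'

# strip_nsroot_entry DIR: rewrite DIR/ns.conf without the nsroot entry.
# Returns 0 on success, 1 if there is no entry to remove, 2 on error.
strip_nsroot_entry() {
    dir=$1
    conf="$dir/ns.conf"
    [ -f "$conf" ] || return 2
    matched=$(grep -Ec "$NSROOT_RE" "$conf" || true)
    [ "$matched" -gt 0 ] || return 1      # nothing to do: leave ns.conf untouched
    before=$(grep -c '' "$conf" || true)
    # grep -v exits 1 when it prints nothing; only a higher status is an error.
    grep -Ev "$NSROOT_RE" "$conf" > "$dir/new.conf" || [ $? -eq 1 ] || return 2
    after=$(grep -c '' "$dir/new.conf" || true)
    # Exactly the matched lines may disappear (guards against a short write).
    [ $((before - after)) -eq "$matched" ] || { rm -f "$dir/new.conf"; return 2; }
    # old.ns.conf keeps the previous nsroot entry; treat it as sensitive.
    mv "$conf" "$dir/old.ns.conf" && mv "$dir/new.conf" "$conf"
}

# default_password_pending FILE: succeeds when FILE has no nsroot entry, the
# state in which, per the procedure above, the default password is accepted.
default_password_pending() {
    ! grep -Eq "$NSROOT_RE" "$1"
}

# Constructed sample configuration (not from a real appliance).
demo_dir=$(mktemp -d)
cat > "$demo_dir/ns.conf" <<'EOF'
set ns config -IPAddress 192.0.2.10 -netmask 255.255.255.0
set system user nsroot CONSTRUCTED_HASH -encrypted
add system user nsroot2 CONSTRUCTED_HASH -encrypted
set system user nsroot2 -timeout 900
bind system user nsroot2 superuser 100
EOF

strip_nsroot_entry "$demo_dir" && echo "nsroot entry removed, backup in old.ns.conf"
default_password_pending "$demo_dir/ns.conf" &&
    echo "no nsroot entry: set a new nsroot password right after logon"
```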