Endpoint Secure Manager password recovery

Issue Description

Endpoint Secure Manager password recovery

Handling Process

  1. Enable root account for ssh access.

    Version            Username / Password
    > 3.7.12           root/great@cause
    3.5.36, 3.7.2      scan QR code and contact TAC
    Older version      root/edr@sangfor

  1. Prepare backend access.
    Note:
    i) If it is a physical server, connect to the physical MGR server with a console cable at baud rate 115200.
    ii) If it is a virtual appliance, open the VM console directly from the respective platform.

    a. Go to the /etc/ssh/ directory and back up the sshd_config file.
    cd /etc/ssh/
    cp sshd_config sshd_config.bak
    b. Run vi sshd_config, go to the bottom of the file, and change PermitRootLogin no to PermitRootLogin yes.
    c. Save the changes and restart sshd service.
    /etc/init.d/sshd restart

  2. Enable MGR Service
    a. Back up the listen_config.ini file.
    cp /sf/edr/manager/config/listen_config.ini /sf/edr/manager/config/listen_config.ini.bak
    Note:
    In version 3.5.10 the file is /sf/edr/manager/config/listen_port.ini

    b. Change the ssh_status from ssh_status = 0 to ssh_status = 1
    vi /sf/edr/manager/config/listen_config.ini 

    c. Save the changes and restart sshd service.
    /etc/init.d/sshd restart
  3. Log in to the MGR backend with an SSH tool such as MobaXterm using the root account (root/edr@sangfor).
  4. Go to the /ac/dc/config/ directory and back up sys_account.json.
    cd /ac/dc/config/
    cp sys_account.json sys_account.json.bak
    a. Replace the /ac/dc/config/sys_account.json with the new sys_account.json.
    cp /tmp/sys_account.json /ac/dc/config/sys_account.json

    Note:
    If you are unable to log in to the backend, try creating a new user from the ES backend console and log in as the new user.

    setenforce 0                      # Temporarily turn off SELinux enforcing mode
    useradd -G root -g root test123   # Create an account 'test123'
    passwd test123                    # Configure a password. Eg: '@Debug123'

  5. Log in to the MGR UI with GreatSF@123
    After recovering the password, remember to change it to a new password in order to log in to the backend again with the admin account.

    Note:
    If you created the temporary user 'test123', make sure to remove it with the command: userdel test123

Root Cause

User had forgotten the Endpoint Secure admin password.

Solution

  1. Remember to revert all the files back to the originals to close SSH login with the root account.
    a. Revert /etc/ssh/sshd_config file
    cd /etc/ssh/
    cp sshd_config.bak sshd_config

    b. Replace /sf/edr/manager/config/listen_config.ini file
    cp /sf/edr/manager/config/listen_config.ini.bak /sf/edr/manager/config/listen_config.ini

    c. Restart the ssh service
    /etc/init.d/sshd restart

    Note:
    The attached sys_account.json files are for (version <=3.5.5) and (version >=3.5.10) respectively.
    MD5 value of 3.5.5 sys_account.json: A9EA88741D841E62B6703A0451D86FE3
    MD5 value of 3.5.10 sys_account.json: 5A6C13D5CF822CF7FDBE5C3AB3D6031B
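
To confirm that the revert steps above took effect, the following added example (not Sangfor's own tooling) checks that PermitRootLogin is back to no, ssh_status is back to 0, and the temporary test123 account is gone. The file paths are the ones used in this article; the function names and the --live switch are assumptions of this example, and sshd Match blocks are not evaluated.

```shell
#!/bin/sh
# Post-recovery audit (added example, not vendor code).
# Paths come from this article; function names are assumptions of this example.

# Print the effective PermitRootLogin value. sshd uses the first
# uncommented occurrence of a keyword, and keywords are case-insensitive.
root_login_setting() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1"
}

# Print the ssh_status value from listen_config.ini (spaces around "=" allowed).
mgr_ssh_status() {
    sed -n 's/^[[:space:]]*ssh_status[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}

# Succeed if account $2 exists in the passwd-format file $1.
account_exists() {
    grep -q "^$2:" "$1"
}

# audit_revert SSHD_CONFIG LISTEN_CONFIG PASSWD_FILE
# Returns 0 only when all three recovery changes have been rolled back.
audit_revert() {
    rc=0
    if [ "$(root_login_setting "$1")" != "no" ]; then
        echo "FAIL: effective PermitRootLogin is not 'no' in $1"; rc=1
    fi
    if [ "$(mgr_ssh_status "$2")" != "0" ]; then
        echo "FAIL: ssh_status is not 0 in $2"; rc=1
    fi
    if account_exists "$3" test123; then
        echo "FAIL: temporary account test123 still present in $3"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: recovery changes reverted"
    fi
    return "$rc"
}

# Check the live files only when invoked with --live.
if [ "${1:-}" = "--live" ]; then
    audit_revert /etc/ssh/sshd_config \
        /sf/edr/manager/config/listen_config.ini /etc/passwd
fi
```

Run it with --live on the manager after the final sshd restart; on version 3.5.10 pass listen_port.ini to audit_revert instead.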