How to Recover Password for NetScaler Appliance

This article describes how to recover the password for a NetScaler appliance.

Background

At times, you might have to recover the password for a NetScaler appliance if the user of the appliance has forgotten the same.

To avoid any unwanted HA failover due to reboot?? it is recommended to set STAY PRIMARY on primary node and STAY SECONDARY on secondary node.

To recover the password for the NetScaler appliance, complete the following procedure:
Note: Refer to the transcript in the Additional Resources section for the complete list of various commands run on the appliance and their respective output.

1. Attach a console cable to the Serial Console (9600 baud, 8 bits, 1 stop bit, No parity) of the NetScaler appliance.

2. Restart the NetScaler appliance.

3. Press any of the following keys, as prompted:

   • Press Spacebar when the following message is displayed:
     Hit [Enter] to boot immediately, or any other key for command prompt.
     Booting [kernel] in 10 seconds.

   • Press Ctrl + C keys simultaneously when the following message is displayed:
     Press [Ctrl-C] for command prompt, or any other key to boot immediately.
     Booting [kernel] in 2 seconds.

4. To start the appliance kernel on a single user mode, run the following command:
   boot –s
   Note: If boot -s does not work, then try reboot -- -s and the appliance reboots in single user mode.

5. Run the following command to check the disk consistency:
   /sbin/fsck /dev/ad0s1a

   Notes:

   • Refer to CTX122687 - How to Mount the Flash Drive by Using an Appropriate Device Name on a NetScaler Appliance to verify the device name assigned to the flash drive of the appliance model and replace ad0s1a in the preceding command with the appropriate device name. For NetScaler VPX on VMware, the disk uses SCSI emulation. Therefore, the device name of the flash drive is da0s1a.

   • If the above command does not work (displays "Could not determine filesystem type") use /sbin/fsck_ufs instead of /sbin/fsck

6. Run the following command to display the mounted partitions:
   df

7. Run the following command to mount the flash drive (again, substituting ad0s1a for the proper device name as?? determined above):
   /sbin/mount /dev/ad0s1a /flash

   If the preceding command fails to mount the flash drive, run the following command to create the flash directory and then run the preceding command again to mount the drive:
   mkdir /flash
   Note: For NetScaler VPX on VMware, the disk uses SCSI emulation. Therefore, the device name of the flash drive is da0s1a.

8. Run the following command to change to the nsconfig directory:
   cd /flash/nsconfig

9. Run the following set of commands to rewrite the "ns.conf" file and remove the set of system commands defaulting to the nsroot user:

   1. Run the following command to create a new configuration file that does not have commands defaulting to the nsroot user:
      grep –v “set system user nsroot” ns.conf > new.conf

   2. Run a command similar to the following command to make a backup of the existing configuration file:
      mv ns.conf old.ns.conf

   3. Run the following command to rename the "new.conf" file to "ns.conf":
      mv new.conf ns.conf

10. Run the following command to restart the appliance:
    reboot

11. Log on to the appliance using the default nsroot user credentials.

12. Run the following command to reset the nsroot user password of your choice:
    set system user nsroot <New_Password>

Citrix Documentation - Creating or Changing an RPC Node Password

The following is a transcript of the complete procedure to recover the password of NetScaler appliance:

 <snip> Console: serial port BIOS drive C: is disk0 BIOS drive D: is disk1 BIOS 637kB/1046500kB available memory  FreeBSD/i386 bootstrap loader, Revision 0.8 (murray@builder.FreeBSD.org, Tue Sep 18 10:05:43 PDT 2001) Loading /boot/defaults/loader.conf ns-6.1-86.1 text=0x4b6260 data=0x64908d0+0x5b50f4 <snip>  Hit [Enter] to boot immediately, or any other key for command prompt.  Booting [kernel] in 2 seconds...  Type '?' for a list of commands, 'help' for more detailed help. ok boot –s <snip> Copyright (c) 1992-2003 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 4.9-NETSCALER-6.1 #0: Tue Dec  6 00:52:06 PST 2005     build@amber.netscaler.com:/usr/obj/usr/home/build/rs_61/usr.src/sys/NETSCALER Calibrating clock(s) ...  <snip>  Mounting root from ufs:/dev/md0c da0 at ahc0 bus 0 target 0 lun 0 da0: <SEAGATE ST336607LW 0007> Fixed Direct Access SCSI-3 device da0: Serial Number 3JA9380Z00007453SCPE da0: 160.000MB/s transfers (80.000MHz, offset 63, 16bit), Tagged Queueing Enabled da0: 35003MB (71687372 512 byte sectors: 255H 63S/T 4462C) md0: invalid primary partition table: no magic start_init: trying /sbin/init Enter full pathname of shell or RETURN for /bin/sh:  $ $ /sbin/fsck /dev/ad0s1a ad0s1: type 0xa5, start 32, end = 500735, size 500704 : OK ** /dev/ad0s1a ** Last Mounted on /flash ** Phase 1 - Check Blocks and Sizes ** Phase 2 - Check Pathnames ** Phase 3 - Check Connectivity ** Phase 4 - Check Reference Counts ** Phase 5 - Check Cyl groups 7594 files, 178477 used, 64114 free (7250 frags, 7108 blocks, 3.0% fragmentation)  ***** FILE SYSTEM MARKED CLEAN ***** $ /sbin/mount /dev/ad0s1a /flash ad0s1: type 0xa5, start 32, end = 500735, size 500704 : OK $ cd /flash/nsconfig $ df Filesystem  1K-blocks   Used Avail Capacity  Mounted on /dev/md0c      100750  86088 12648    87%    / /dev/ad0s1a    242591 178477 44707    80%    /flash $ grep -v "set system user nsroot" ns.conf > new.conf $ mv ns.conf old.ns.conf $ mv new.conf ns.conf $ reboot Waiting (max 60 seconds) for system process `vnlru' to stop...stopped Waiting (max 60 seconds) for system process `bufdaemon' to stop...stopped Waiting (max 60 seconds) for system process `syncer' to stop...stopped  syncing disks... done Uptime: 17m53s Rebooting... <snip>  Hit [Enter] to boot immediately, or any other key for command prompt.  Booting [kernel] in 2 seconds... Booting [kernel] in 1 second... Booting [kernel]...                <snip>  Feb 28 20:15:40 10.178.35.81 02/28/2006:20:15:35 GMT ns : EVENT STATECHANGE : Device "self node 10.178.35.81" - State UP  nssyslog nsvpnlog daemon  nsconmsg:Netscaler Syslog Daemon Starting....  nsconmsg:Netscaler Syslog Daemon Starting....  Displaying accesslogs information Performance Data Record Version 2.0 Started Feb 28 20:15:52 ns netscaler: self node 10.178.35.81: UP            login: nsroot Password: Last login: Tue Feb 28 13:33:47 from 10.153.38.125 Done