NetScaler MAS: Resetting nsroot password

1vst4d
Intro

NetScaler MAS is a very versatile and powerful tool. If you have NetScalers, I recommend you give it a try. As of this writing, if you have 30 or fewer VIPs configured on your NetScalers, you can use all the features of MAS (confirm with your Citrix Sales Rep). So, let’s say you want to make some changes to MAS and find that a former employee has removed write access for your group and the nsroot password is unknown. What do you do? Citrix provides documentation on resetting the nsroot password on NetScalers, but nothing on MAS.

Get your Mr. Robot on!

We were able to follow most of the procedure in https://docs.citrix.com/en-us/netscaler/10-1/ns-system-wrapper-10-con/ns-ag-aa-intro-wrapper-con/ns-ag-aa-reset-default-amin-pass-tsk.html

This was a virtual machine on XenServer, so I connected to the console:

  1. Connect to the virtual appliance via XenCenter.
  2. Reboot the NetScaler MAS.
  3. Press CTRL+C when the following message appears:
    Press [Ctrl-C] for command prompt, or any other key to boot immediately.
    
    Booting [kernel] in # seconds.
  4. Run the following command to start the NetScaler in a single user mode:
    boot -s
    Note: If boot -s does not work, then try reboot -- -s and the appliance will reboot in single user mode.

    After the appliance boots, it displays the following message:

    Enter full path name of shell or RETURN for /bin/sh:
  5. Press ENTER key to display the prompt, and type the following commands to mount the file systems:
    1. Run the following command to check the disk consistency:
      /sbin/fsck /dev/ad0s1a
      Note: Your flash drive will have a specific device name depending on your NetScaler; hence, you have to replace ad0s1a in the preceding command with the appropriate device name. In my case it was ad0s1a.
    2. If you receive the following after running the above command:
      fsck: Could not determine filesystem type
    3. Run this command to resolve:
      /sbin/fsck_ufs /dev/ad0s1a

      You should see a series of prompts; select Y for all of them.

    4. Run the following command to display the mounted partitions:

      df

      If the flash partition is not listed, you need to mount it manually.

    5. Run the following command to mount the flash drive:

      mount /dev/ad0s1a /flash

  6. Run the following command to change to the nsconfig directory:
    cd /flash/mpsconfig
  7. Create a hidden recover file in this directory:
    touch /flash/mpsconfig/.recover
  8. Reboot the MAS.
  9. Once the reboot completes, enter nsroot/nsroot for the username and password (it may take a couple of minutes before you can log in with nsroot).
  10. Log in to the MAS web page with nsroot.
  11. Change the nsroot password and make other administrative changes.

Thanks,
Alain
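
Steps 5 through 7 above, collected into one script for the single-user shell. This is an added example, not part of the original post and not Citrix tooling; the function names and the `--run` switch are made up for illustration, and the device and mount point default to the ones the post used.

```sh
#!/bin/sh
# Added example: steps 5-7 of the post, for the single-user shell.
# Function names and the --run switch are illustrative, not Citrix tooling.
DEV="${DEV:-/dev/ad0s1a}"    # device from the post; differs per appliance
FLASH="${FLASH:-/flash}"     # mount point from the post

# Read `df` output on stdin; succeed if $1 appears in the "Mounted on" column.
flash_is_mounted() {
    while read -r _fs _blocks _used _avail _cap mp; do
        if [ "$mp" = "$1" ]; then return 0; fi
    done
    return 1
}

# Create the hidden .recover marker in directory $1 (step 7).
place_recover_marker() {
    if [ ! -d "$1" ]; then
        echo "directory not found: $1 (is the flash partition mounted?)" >&2
        return 1
    fi
    touch "$1/.recover" && [ -f "$1/.recover" ]
}

recover_main() {
    # Steps 5.1-5.3: fsck stays interactive (answer Y); if it fails, as with
    # "Could not determine filesystem type", retry with fsck_ufs.
    /sbin/fsck "$DEV" || /sbin/fsck_ufs "$DEV" || return 1
    # Steps 5.4-5.5: mount the flash partition only when df does not list it.
    if ! df | flash_is_mounted "$FLASH"; then
        mount "$DEV" "$FLASH" || return 1
    fi
    # Steps 6-7: place the marker, then reboot by hand (step 8).
    place_recover_marker "$FLASH/mpsconfig" && echo "marker created; reboot the MAS"
}

# Nothing touches the disk unless the script is started with --run.
if [ "${1:-}" = "--run" ]; then recover_main; fi
```

Start it with `--run` from the single-user prompt, and set `DEV` first if your flash device is not ad0s1a.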
