I have seen some search terms on this site lately involving the same query as described in the title of the article: the EUC Unified Access Gateway (UAG) default password. I would like to answer those queries in this post. And to be short, direct and for some blunt, there isn’t any default. You will have to set the password of root and the password of admin in the deployment of the UAG appliance, or is changed via VAMI or the Admin console. I have done this myself a couple of times, with all sorts of VMware appliances, but the main thing for UAG, AP and IDM is that redeployment is much easier than trying to fix issues (and is stable, saves hassle and breaking heads). But what you would like if something goes amiss with deployment or changing, probably regarding some required special characters of admin, is to use some of the options to regain access to the system and try to find out what went wrong (we want to know the why don’t we?!?). If you have worked out the why with the option of regaining access, it is still advisable to redeploy with that knowledge. The procedure of resetting the passwords of root and admin are described in the rest of the article. You might just need the admin procedure if your root password is known and working.
Reset passwords of root and admin
Resetting the password of root requires steps to reset the password via the OS of the appliance and changing the local user. Resetting the password of admin requires steps to reset the password via the OS of the appliance, but changing the application in this process. The third goal of this exercise is for you to find out why the initial setting via the deployment script did not work.
Root Password Reset
For the root password of the VMware appliance, we can use a procedure to modify the appliance bootloader and go to a read-write root shell. Depending on the version of the appliance, and which version of Grub is used, depends on the steps required to change the line. Well, not per se the steps, but the place to change the option. Let’s say Pre-Photon Grub (aka old) and Photon Grub versions (aka newer)….
Example of the vCenter 6.5 Grub taken from VMware KB:
The procedure is more or less the same with the different versions:
- Open a VMRC console to the appliance
- Reboot the appliance
- When the GRUB bootloader appears, press the spacebar to disable autoboot.
- For older versions type p to access the appliance boot options. Enter the GRUB password, the default is ‘vmware’ or is set to the root.
- Select the OS option in the loader, mostly the appliance name in older versions or go for Linux in the Photon OS loader.
- To edit type the ‘e’ key
- Append init=/bin/bash for the older versions, and rw init=/bin/bash to newer versions to the line.
- To continue booting, press Enter and ‘b’ for the older Grub and ‘F10’ for the newer versions.
- Reset the root password with: passwd root. Here you will probably notice the password requirements of the OS, and probably something went amiss with your scripted input. Make notes here.
- Reboot the appliance
Done for this part.
VMware KB articles you can check for reference:
- vCenter 5.5/6: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2069041.
- vCenter 6.5: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2147144.
Note: These work on other appliances as well.
Application Admin Reset
For this procedure, you will have to login with root to the console of the appliance and reset the API admin password. Just like we could do with the REST API password on the Access Point. Good that we know the root as we just changed it, should be remembered or at least save in a password manager. Anyhow…
You probably want to access the admin console with the password you saved from the deployment, and behold you are not possible. Even with rechecking a second and third time. Time to get out the hacking…. ermmm…. resetting tools:
- Access console with root (VMRC or SSH)
echo ‘adminPassword=YourPassword’ > /opt/vmware/gateway/conf/firstboot.properties
chown gateway /opt/vmware/gateway/conf/firstboot.properties
supervisorctl restart admin
- Hint: the YourPassword must contain special characters.
- Validation: When the admin service reboots, it will generate the following message in the /opt/vmware/gateway/logs/admin.log file: Successfully set initial settings from firstboot.properties.
– Enjoy hacking your appliances to get access!