NetScaler 10.x: Resetting the NSROOT password

1.0 Introduction

There are several guides around that suggest how to reset the NSROOT password; however, I have found inconsistencies in all the ones I have found. This is a blog post on how I managed to get it to work. The main difference is where I pressed Ctrl+C: not straight after the NS started to load.

2.0 Connect to the console

1. Launch the console from ESX / XenServer / Hyper-V (or serial cable, if it’s physical).

2. Power on the NetScaler VM.

3. Wait until you see it loading the firmware (/ns-10.0-73.5 text=0x748510 data=0xfd70ac8+0x527ec8 |). At this point, press Ctrl+C.

4. Wait for the NS to finish and present an OK prompt.

5. Type:

    boot -s

   The NetScaler will boot into Single User Mode and return with:

    Enter full pathname of shell or RETURN for /bin/sh:

6. Press ENTER.

7. The prompt should change to \u@


3.0 Mounting the file system

In order to access the configuration files, we have to manually mount /flash. The documentation suggests flash is in /dev/ad0s1a. I don’t know if my system is abnormal, or whether it is because the doco refers to 9.x and they changed it in 10.x, but for me it was da0s1a.

1. To find the correct device to mount, list /dev:

    \u@ ls /dev

2. Check the file system is happy by running:

    \u@ fsck /dev/da0s1a

    ** Last Mounted on /flash
    ** Phase 1 - Check Blocks and Sizes
    ** Phase 2 - Check Pathnames
    ** Phase 3 - Check Connectivity
    ** Phase 4 - Check Reference Counts
    ** Phase 5 - Check Cyl groups

3. Mount the file system to the folder /flash:

    \u@ mount /dev/da0s1a /flash

   The Citrix documentation is incorrect: mount/dev/ad0s1a/flash should read mount /dev/ad0s1a /flash (missing two spaces).

4. To confirm the file system has mounted:

    \u@ mount

    /dev/md0c on / (ufs, local)
    devfs on /dev (devfs, local)
    /dev/da0s1a on /flash (ufs, local)

4.0 Changing ns.conf

The idea here is to remove the line that causes the NetScaler to “load” the password. Again, much of the documentation suggests vi. Laughably, Citrix’s documentation says “Use a text editor of your choice”. On FreeBSD, you only get vi and ee. Neither, for me at least, would work, but we can use grep.

1. Change directory to the location of ns.conf:

    \u@ cd /flash/nsconfig

2. Confirm there is enough space in /flash to create a new file:

    \u@ df -h | grep /dev/da0s1a

   Check the capacity value is well below 100%.

3. Confirm the existing entry in ns.conf:

    \u@ grep "set system user nsroot" ns.conf

   Should return something like:

    set system user nsroot 12sdjkk43kn45k623j46kl2j46lkj426n… -encrypted -timeout 120

   The long string is the encrypted password.

4. Using grep, we’ll remove the appropriate line, writing the output to a new file:

    \u@ grep -v "set system user nsroot" ns.conf > new.conf

5. Now we rename the existing ns.conf to ns.conf.org:

    \u@ mv ns.conf ns.conf.org

6. Next, rename new.conf to ns.conf:

    \u@ mv new.conf ns.conf

7. Confirm the change has worked:

    \u@ grep "set system user nsroot" ns.conf

   Should return nothing as we have removed the line.
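A guarded version of steps 3 to 7 above, as an added example rather than code from the original post: it anchors the pattern so only the nsroot entry is removed (the unanchored grep would also drop lines for a user such as nsroot2), and leaves ns.conf untouched unless the filtered copy has exactly the expected number of lines. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical.

# Anchored, with a trailing space: matches the nsroot entry only,
# not a line for another account such as "nsroot2".
NSROOT_RE='^set system user nsroot '

strip_nsroot_line() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    before=$(grep -c '' "$conf") || true        # total line count
    hits=$(grep -c "$NSROOT_RE" "$conf") || true
    [ "$hits" -eq 1 ] || { echo "expected 1 nsroot line, found $hits" >&2; return 2; }

    # Write the filtered copy first; the original stays in place until it checks out.
    grep -v "$NSROOT_RE" "$conf" > "$conf.new" || true
    after=$(grep -c '' "$conf.new") || true

    # A short write (for example /flash being full) shows up as a count mismatch.
    if [ "$after" -ne $((before - hits)) ]; then
        echo "line count mismatch, leaving $conf alone" >&2
        rm -f "$conf.new"
        return 3
    fi

    # Same swap as steps 5 and 6: keep the original as ns.conf.org.
    mv "$conf" "$conf.org" && mv "$conf.new" "$conf"
}

# Constructed sample configuration for trying the function offline.
write_sample_conf() {
    cat > "$1" <<'EOF'
set ns hostName constructed-sample
set system user nsroot CONSTRUCTED_PLACEHOLDER -encrypted -timeout 120
add system user nsroot2 CONSTRUCTED_PLACEHOLDER -encrypted
set system user nsroot2 -timeout 300
EOF
}
```

Running it a second time on the same file returns status 2 and changes nothing, because the nsroot line is already gone.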


5.0 Reboot & Log in

1. Reboot the NetScaler:

    \u@ reboot

2. Once the NetScaler has rebooted, log in with the default credentials: nsroot/nsroot.

3. To change the password to something you know:

    > set system user nsroot -password [ENTER]

    Enter a password… [ENTER]

    Re-enter password… [ENTER]

 

 
