FusionCompute Portal admin Account Lockout

Publication Date: 2015-07-23
Issue Description
Applicable version:
All FusionCompute V100R003C00 and V100R003C10 versions

Symptom:
When a user logs in to the FusionCompute portal with the correct username and password, the portal displays a message indicating that the account is locked and that the user must wait for 4 minutes and try again, as shown in the following figure. After 5 minutes, the user still cannot log in to the portal.

Figure 1-1

Handling Process

1. Log in to the active Virtualization Resource Management (VRM) node as user gandalf and run the su - root command to switch to user root.

Check the Tomcat logs of the VRM node to identify the IP addresses that repeatedly access the VRM Tomcat component to attempt to log in to the portal.

The following shows the location of the VRM Tomcat log.

Figure 1-2



According to the following example log content, the IP address 192.168.191.59 attempts to access the VRM Tomcat component.

Figure 1-3



NOTE:
    POST /service/session indicates that a tool or component attempts to log in to the portal.
    400 79 indicates that the login failed.
    192.168.191.59 indicates the IP address of the tool or component that repeatedly attempts to access the VRM Tomcat component.

Log in to the devices that use the identified IP addresses and confirm that these devices are attempting to log in to the FusionCompute portal.

Configure a route to prevent the IP address from repeatedly attempting to access the VRM Tomcat component.

NOTE:
    Before configuring the route, ensure that this operation has no adverse impact on VMs and customer services.
    The following figure shows an example command that can be used to prevent the identified IP address from accessing the VRM Tomcat component.
    The command discards all IP responses sent from the identified IP addresses.

Figure 1-4



After the admin account is unlocked, you can run a command to allow the identified IP addresses to access the VRM Tomcat component. The command in the following figure is an example.

Figure 1-5



The following is an example command used to unlock the admin account on the VRM node.

Figure 1-6



(Perform this operation if you want to create another administrator account.) Log in to the FusionCompute portal and create an administrator user on the Rights Management page so that you can log in to the portal even when the admin account is locked out.

Figure 1-7
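
The log check in the handling process above can be scripted. The following is an added example, not a command from the original page or from the product: it counts failed POST /service/session requests (status 400) per client IP address. The access-log line layout and the sample lines are assumptions constructed for illustration; pass the real VRM Tomcat log (its location is shown in Figure 1-2) on standard input.

```shell
#!/bin/sh
# Added example: count failed portal logins per client IP in a Tomcat access log.
# Assumed line layout (not taken from the page's figures):
#   <client-ip> - - [<timestamp>] "<method> <path> <protocol>" <status> <bytes>

# Usage: failed_logins THRESHOLD < access_log
# Prints "<count> <ip>" for every IP with at least THRESHOLD failed
# POST /service/session requests (HTTP status 400), highest count first.
failed_logins() {
    threshold="${1:-5}"
    awk -F'"' -v min="$threshold" '
        {
            # $1: text before the request, $2: request line, $3: status and size
            split($1, pre, " "); ip = pre[1]
            split($2, req, " "); method = req[1]; path = req[2]
            split($3, res, " "); status = res[1]
            sub(/\?.*/, "", path)    # ignore any query string
            if (method == "POST" && path == "/service/session" && status == "400")
                fails[ip]++
        }
        END {
            for (ip in fails)
                if (fails[ip] >= min)
                    print fails[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample lines (illustration only, not real log data).
sample_log() {
    cat <<'EOF'
192.168.191.59 - - [23/Jul/2015:10:15:01 +0800] "POST /service/session HTTP/1.1" 400 79
192.168.191.59 - - [23/Jul/2015:10:15:31 +0800] "POST /service/session HTTP/1.1" 400 79
192.168.191.10 - - [23/Jul/2015:10:15:40 +0800] "POST /service/session HTTP/1.1" 400 79
192.168.191.59 - - [23/Jul/2015:10:16:01 +0800] "POST /service/session HTTP/1.1" 400 79
192.168.191.10 - - [23/Jul/2015:10:16:05 +0800] "POST /service/session HTTP/1.1" 200 512
192.168.191.20 - - [23/Jul/2015:10:16:10 +0800] "GET /service/session HTTP/1.1" 400 79
192.168.191.59 - - [23/Jul/2015:10:16:31 +0800] "POST /service/session HTTP/1.1" 400 79
EOF
}

# Report clients with three or more failed logins in the sample.
sample_log | failed_logins 3
```

A client that fails at a steady interval, as 192.168.191.59 does in the sample, is typical of a tool or component that still holds the old admin password.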

Root Cause

This fault usually occurs after a user has changed the password of the admin account.

If some tools or components still attempt to use the old password of the admin account to log in to the FusionCompute portal after the password is changed, the account will be locked out.

Therefore, the first thing to do is to identify the tools or components that attempt to log in to the FusionCompute portal using the old password and prevent them from attempting to log in to the portal.

Then, the account will be automatically unlocked after 5 minutes.

NOTE:
    You can also create another administrator account so that you can log in to the FusionCompute portal even when the admin account is locked out.

Suggestions
After FusionCompute has been installed, the administrator should create another account with administrator privileges.
