Saturday, March 21, 2009

Cisco: Password Recovery


Ever lost the password to a Cisco device? I've had to do this about 4 times so far during my career (Not because I lost the password personally!). The steps are similar for many Cisco devices. These are the steps to reset the enable password on an ASA5505 Security Appliance.

The following steps were designed using a Cisco ASA 5505 Security Appliance. They are not appropriate for a Cisco PIX Firewall appliance.


1. Power-cycle your security appliance by removing and re-inserting the power plug at the power strip.
2. When prompted, press Esc to interrupt the boot process and enter ROM Monitor mode. You should immediately see a rommon prompt (rommon #0>).
3. At the rommon prompt, enter the confreg command to view the current configuration register setting: rommon #0>confreg
4. The current configuration register should be the default of 0x01 (it will actually display as 0x00000001). The security appliance will ask if you want to make changes to the configuration register. Answer no when prompted.
5. You must change the configuration register to 0x41, which tells the appliance to ignore its saved (startup) configuration upon boot: rommon #1>confreg 0x41
6. Reset the appliance with the boot command: rommon #2>boot
7. Notice that the security appliance ignores its startup configuration during the boot process. When it finishes booting, you should see a generic User Mode prompt: ciscoasa>
8. Enter the enable command to enter Privileged Mode. When the appliance prompts you for a password, simply press Enter (at this point, the password is blank): ciscoasa>enable Password: ciscoasa#
9. Copy the startup configuration file into the running configuration with the following command: ciscoasa#copy startup-config running-config Destination filename [running-config]?
10. The previously saved configuration is now the active configuration, but since the security appliance is already in Privileged Mode, privileged access is not disabled. Next, in configuration mode, enter the following command to change the Privileged Mode password to a known value (in this case, we'll use the password system): asa#conf t asa(config)#enable password system
11. While still in Configuration Mode, reset the configuration register to the default of 0x01 to force the security appliance to read its startup configuration on boot: asa(config)#config-register 0x01
12. Use the following commands to view the configuration register setting: asa(config)#exit asa#show version
13. At the bottom of the output of the show version command, you should see the following statement: Configuration register is 0x41 (will be 0x1 at next reload)
14. Save the current configuration with the copy run start command to make the above changes persistent: asa#copy run start Source filename [running-config]
15. Reload the security appliance:
    asa# reload
    System config has been modified. Save? [Y]es/[N]o:yes
    Cryptochecksum: e5f81433 5493266b 4e24072 d71d5cbf
    2157 bytes copied in 1.490 secs (2157 bytes/sec)
    Proceed with reload? [confirm]

When your security appliance reloads, you should be able to use your newly reset password to enter privileged mode.
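
A device left with the register at 0x41 skips its saved configuration, enable password included, on every boot, so it is worth auditing collected show version output for it. The script below is an added example, not part of the original procedure; the device names and sample lines are constructed, and treating 0x40 as the "ignore startup configuration" bit is an assumption taken from the difference between the 0x41 and 0x01 values above.

```python
import re

# Register values taken from the procedure above.
DEFAULT_CONFREG = 0x01      # appliance reads startup-config on boot
IGNORE_STARTUP_BIT = 0x40   # assumption: the bit that differs between 0x41 and 0x01

# Matches e.g. "Configuration register is 0x41 (will be 0x1 at next reload)"
CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9a-fA-F]+)"
    r"(?: \(will be (0x[0-9a-fA-F]+) at next reload\))?"
)

def check_confreg(show_version_text):
    """Return (status, current, pending) for one device's 'show version' output."""
    m = CONFREG_RE.search(show_version_text)
    if m is None:
        return ("unknown", None, None)
    current = int(m.group(1), 16)
    # Without a "(will be ...)" suffix the next boot uses the current value.
    pending = int(m.group(2), 16) if m.group(2) else current
    if pending & IGNORE_STARTUP_BIT:
        # Next boot will skip the saved config, including its enable password.
        return ("fail", current, pending)
    if current & IGNORE_STARTUP_BIT:
        # Booted without the saved config; corrected only after the next reload.
        return ("reload-pending", current, pending)
    if pending != DEFAULT_CONFREG:
        return ("non-default", current, pending)
    return ("ok", current, pending)

# Constructed sample outputs, trimmed to the relevant line.
SAMPLES = {
    "fw-recovered": "Configuration register is 0x41 (will be 0x1 at next reload)",
    "fw-forgotten": "Configuration register is 0x41",
    "fw-normal": "Configuration register is 0x1",
    "fw-no-line": "Cisco Adaptive Security Appliance Software",
}

def audit(samples):
    """Map each device name to its register status."""
    return {name: check_confreg(text)[0] for name, text in samples.items()}

if __name__ == "__main__":
    for name, status in audit(SAMPLES).items():
        print(f"{name}: {status}")
```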

Monday, March 9, 2009

Sawmill Report Analyser


I have discovered today that Sawmill is a really cool tool for slicing and dicing data to produce useful analytical reporting information. Well worth a look if you want to produce reports from logged data from Proxies, RADIUS servers, Firewalls, Mail Server logs... you name it.

It has a bunch of preconfigured plug-ins for just about everything, will munch just about any log file you throw at it with quite reasonable performance and is very versatile in its configurability. Pretty cheap too!

I've known about the tool for a while, but never had a really good play with it until today.

Disclaimer: I am in no way affiliated with Sawmill.

Thursday, March 5, 2009

SCCM: Distribution Points


It seems that if a Distribution Point in the SCCM distribution model exceeds its configured retries, it doesn't appear to run a maintenance task in order to get those packages. The maintenance task essentially checks what packages the server is meant to have against the packages it finds already on the disk. (You can copy the files in there manually and it will be quite happy).

In order to force the Distribution Points to run a maintenance task, I acquired this handy little script from Microsoft and have scheduled it to run nightly against a collection of machines that has the Distribution Point role. Sit back and you can watch the network activity jump at the scheduled time.


' Set required variables.
actionNameToRun = "Peer DP Maintenance Task"

' Create a CPAppletMgr instance.
Set controlPanelAppletManager = CreateObject("CPApplet.CPAppletMgr")

' Get the available ClientActions object.
Set availableClientActions = controlPanelAppletManager.GetClientActions()

' Loop through the available client actions. Run matching client action when found.
For Each clientAction In availableClientActions
    If clientAction.Name = actionNameToRun Then
        clientAction.PerformAction
        wscript.echo "Ran: " & clientAction.Name
    End If
Next

Wednesday, March 4, 2009

SCCM: Distribution Error and the Ampersand


I came across an interesting problem in SCCM today. A branch distribution point (BDP) wasn't replicating a package and it turns out it was because one of the files in the package had an ampersand (&) in the file name.

I was seeing this in the ContentTransferManager.log on the BDP:

Unable to enumerate files in E:\BDPTmpWrkFldr\PDP2B6A.tmp (0x80070003)

I came across a Microsoft Knowledge Base article, KB967648, that matches the error:

Consider the following scenario:

  • Distribution points and branch distribution points exist in a Microsoft System Center Configuration Manager 2007 Service Pack 1 (SP1) site.
  • A package is saved on distribution points and on branch distribution points.
  • A file name in this package contains an ampersand (&).
  • A property of this package is changed on the distribution points.

In this scenario, branch distribution points cannot update this package, and an error is encountered. Additionally, package distribution fails, and the package folder on branch distribution points cannot be accessed because of security permissions issues.

There is a hotfix available from Microsoft that is linked from the KB article.

First!!11!one!1


Just kidding. This blog, which I've left untouched for three years, is going to undergo a redesign and be used for blogging information about esoteric technical stuff I've come across in my career as a computing professional.

If you find any of the information that is to follow useful, please drop me a line or leave a comment and let me know!

Cheers,
Sean