How to unlock deploy_admin password in NetWitness Platform version 11.4.x and later

Issue

If your "deploy_admin" account is locked, you cannot log in to the NetWitness GUI.
You may see an error message on the login page.

Cause

The "deploy_admin" account can become locked for several reasons,
for example login attempt failures or broken "deploy_admin" information in security-server.

Workaround

In this case, you cannot unlock the "deploy_admin" account from the NetWitness GUI (Admin > SECURITY > Users tab) in version 11.4 and later.
Follow these steps to unlock the "deploy_admin" account at the MongoDB level.

1. Log in to MongoDB on the NetWitness Server.
# mongo admin -u deploy_admin -p netwitness
2. Switch to the security-server database.
> use security-server
switched to db security-server
3. Review the current "deploy_admin" document in the user collection using the find function.
> db.user.find({"_id": "deploy_admin"}).pretty()
4. Update the relevant fields to unlock "deploy_admin".
> db.user.update({"_id": "deploy_admin"}, {$set: {"failedLoginAttempts": NumberLong(0)}})
> db.user.update({"_id": "deploy_admin"}, {$set: {"lockUntil": NumberLong(0)}})
> exit

After the steps above, you are generally able to log in to the NetWitness GUI using the "deploy_admin" account.
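
Steps 2 to 4 as a single mongo shell function, added here as an example (not RSA's code): it records the lock fields before resetting them, sets both in one update, and verifies the result. The helper names (toNum, lockState, unlockAccount) are hypothetical; the collection and field names are the ones used in the steps above.

```javascript
// Added example (not RSA code). Paste into the mongo shell after step 1.
// Collection and field names follow the steps above; helper names are hypothetical.
function toNum(v) {
  // NumberLong values expose toNumber() in the mongo shell; plain numbers pass through.
  var isLong = v !== null && v !== undefined && typeof v.toNumber === "function";
  return isLong ? v.toNumber() : Number(v);
}

function lockState(doc) {
  return {
    failedLoginAttempts: toNum(doc.failedLoginAttempts),
    lockUntil: toNum(doc.lockUntil)
  };
}

function unlockAccount(secDb, id) {
  var filter = { _id: id };
  var doc = secDb.user.findOne(filter);
  if (!doc) {
    throw new Error("no user document with _id " + id);
  }
  // Capture the values first: the failed-attempt count is lost once it is zeroed.
  var before = lockState(doc);
  // One update sets both lock fields, so the document is never half-reset.
  var res = secDb.user.update(filter, {
    $set: { failedLoginAttempts: NumberLong(0), lockUntil: NumberLong(0) }
  });
  var after = lockState(secDb.user.findOne(filter));
  return {
    id: id,
    before: before,
    after: after,
    matched: res.nMatched,
    unlocked: after.failedLoginAttempts === 0 && after.lockUntil === 0
  };
}

// In the mongo shell:
//   printjson(unlockAccount(db.getSiblingDB("security-server"), "deploy_admin"))
```

Keep the returned "before" values with the change record; a high failedLoginAttempts count is worth tracing to its source before treating the lockout as accidental.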

If these steps do not work, you can also try the following steps.
  1. Log in as admin using nw-shell on the NetWitness Server.
    # nw-shell

    ████████        ██████          ██
    ██      ██    ██               ████
    ██      ██    ██              ██  ██
    ██   ████       ██████       ██    ██
    ██    ██              ██    ██      ██
    ██     ██             ██   ██        ██
    ██      ██     ███████    ██          ██

    RSA NetWitness Shell. Version: 6.12.0
    See "help" to list available commands, "help connect" to get started.

    offline » login
    user: admin
    password: **********
  2. Connect to security-server.
    admin@offline » connect --service security-server
    INFO: Connected to security-server (03879097-86c0-4e09-8266-f5f8b56f83f8)
  3. Reset the "deploy_admin" account using the invoke command.
    admin@security-server:Folder:/rsa » cd security/account/reset
    admin@security-server:Method:/rsa/security/account/reset » invoke '{"id": "deploy_admin", "newPassword": "<your_password>"}'
After this, you should be able to log in to the NetWitness GUI using the "deploy_admin" account.

Internal Comments

Kenny (PS) resolved this issue using nw-shell and asked me to log these steps for a wider audience.


Product Details

RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Security Analytics Server
RSA Version/Condition: 11.4 and later
Platform: CentOS
O/S Version: 7
