Server console locked from MONITOR.NLM, no known password.
(Last modified: 02Jul2001)
This document (10017381) is provided subject to the disclaimer at the end of this document.
fact
Novell NetWare 3.2
Novell NetWare 3.12
Supervisor account in intruder lockout state, supervisor cannot login to fix itself.
symptom
Server console locked from MONITOR.NLM, no known password.
Error: User Supervisor is disabled due to intruder lockout.
change
Console password forgotten.
cause
Exceeded maximum login attempts for Supervisor account and enabled intruder lockout.
fix
Supervisor password can be used to bypass MONITOR.NLM console lock password.
Down the server through debugger using "LEFT SHIFT, RIGHT SHIFT, ALT, ESC" key sequence, and typing "q" to quit the server and bring it to DOS.
Type "ENABLE LOGIN" to disable intruder lockout on the supervisor account.
I have gone into the lab and created the environment that you indicated in your notes. If you lock the server console through monitor you can use the password entered ther to unlock the console, I was also able to unlock the server console with the original admin password. I then changed the admin password and again locked the conosle, I was unable to unlock the server console with the new password but if I used the original password that was created at the time of the install I was able to unlock the console, this is how it was designed.
A few other solutions to try would be (these have been documented in solutions):
When working in a 4.x environment, it is critical you do not have a user object named
SUPERVISOR, this will supercede the hidden object and will not allow many of the steps,
described below, to work.
Many times a combination of steps will need to be used. If the password does not seem to be
changing, try logging into the server as supervisor and see if it returns an error message.
Most often these error messages are due to intruder detection or login has been disabled.
Solution #1:
Try entering the original password for admin when the tree was created.
Solution #2:
Try entering the original password for admin when the server was first created in the tree.
When the admin user is first created it also creates a bindery supervisor object with the same
password.
Solution #3:
Try entering the previous admin password. Often times the admin password will be changed
and the changed password will not unlock the console. This is due to the fact that since the
supervisor bindery object is a hidden object, the password value is not changed the same
time the admin is changed.
Note: The following suggestions will require changing the supervisor password. In order to
modify the supervisor password, the server must have at least one RW replica of any partition
in it's database. This allows changes to be made to the hidden supervisor object in the
database.
Solution #4:
Change the supervisor password using SETPASS.
1. Login or attach to the server in bindery mode, using the /b option. Use WHOAMI to verify
you have a bindery connection. This connection must be made using the admin user or an
admin-equivalent user. Example: LOGIN my_server/admin /b
2. To use SETPASS:
a. Type "SETPASS <server_name>/supervisor", hit ENTER
b. It will then prompt for the password of the object used to login/attach to this server.
c. It will then prompt for the new password for the supervisor. Enter in the new password.
d. It will then prompt to re-enter the password. Type in the same password used in the
previous step. At this point, you should be able to go back to the console and unlock the
server. If it does not work, continue with the next steps:
3. Verify you can login as supervisor to the server. If you receive the error message
"LOGIN-4.12-870: An unknown error was returned during logins attempt to attach. Error
code: 893b.". This error code means that the supervisor user has been essentially locked out,
most likely because of an intruder detection. TID1007151 describes how to rectify this
situation when you have access to the console. Since the console is locked, access to the
console is unavailable so the following alternative will work. It will require the use of a 3.1x
utility called FCONSOLE.EXE. In order to use this utility, the following support files will be
needed:
FCONSOLE.EXE
FCONSOLE.HLP
SYS$MSG.DAT
SYS$ERR.DAT
SYS$HELP.DAT
IBM$RUN.OVL
These files can be located on a 3.1x server or found in the TABND2.EXE file. Run FCONSOLE,
go to status and enable login. This will reset the supervisor account to enable login. At this
point you will need to use SETPASS to change the password.
Another option to disable intruder lockout for the supervisor is to use 3.x syscon if a 3.x server
is on the network. Login into the 4.x server as admin in bindery and run syscon from the 3.x
server. Change servers to the 4.x server. Select supervisor options and Intruder
Detection/Lockout and disable intruder detection. You should be able to unlock the console
with the password set above. Then type "enable login" at the console and use syscon to
re-enable intruder detection.
Solution #5:
If none of the above steps work, the only way to get past this is to down the server and bring
it back up. An option to just powering it off would be to use the FCONSOLE utility to down the
server. .
document
| Document Title: | Server console locked from MONITOR.NLM, no known password. |
| Document ID: | 10017381 |
| Solution ID: | 1.0.26452855.2334831 |
| Creation Date: | 24Sep1999 |
| Modified Date: | 02Jul2001 |
| Novell Product Class: | NetWare |
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.