Sun Storage 3000 Arrays: How to Reset the Array Password

Asset ID:	1-71-1004774.1
Update Date:	2018-03-14
Keywords:

Solution Type Technical Instruction Sure

Solution 1004774.1 : Sun Storage 3000 Arrays: How to Reset the Array Password

Applies to:

Sun Storage 3310 Array - Version Not Applicable and later
Sun Storage 3320 SCSI Array - Version Not Applicable and later
Sun Storage 3510 FC Array - Version Not Applicable and later
Sun Storage 3511 SATA Array - Version Not Applicable and later
All Platforms

Goal

This document describes two methods to reset the password for a Sun Storage 3000 Array. Both methods require running commands as the root user, to provide security against unauthorized changes.

Solution

There are two methods to reset the array password. The first method is preferred. The second method has an impact on host connectivity.

This document addresses a configuration in which the array is running normally and servicing I/O to one or more hosts. For information on initial configuration, including establishing connectivity to manage the array, refer to the Sun StorEdge 3000 Family Installation, Operation, and Service Manual for your array on the Oracle Technology Network Oracle Disk Storage Systems Documentation page.

Method #1: Use the sccli "set controller-password" command

If an array controller is password protected and the password is lost or forgotten, there is no way to gain privileged access to the controller in out-of-band mode (that is, by telnet or serial connection). This is the proper functionality of password protecting the array.

To reset the controller password by Method #1, two conditions must be met:

The sccli command must be available on the Solaris host from which the password reset will be performed. To download and install the appropriate package which contains the sccli binary, refer to <Document 1004352.1> How to Download and Install Sun Storage Configuration Service Software (SUNWsscs).
At least one LUN owned by the primary controller of the array must be mapped to the Solaris host from which the password reset will be performed.

As root, run the sccli command to get the prompt, and then reset the password. To remove the password completely, use two double-quote characters in a row.

# /usr/sbin/sccli

sccli> set controller-password "" <ENTER>

If the in-band connection from the host is to a LUN owned by the secondary controller, the sccli command returns the following message:

sccli: primary controller must be selected first

There is no prompting the root user for the old password. It is assumed that the Solaris host is secure for root, thereby allowing for this functionality to set the new password for the controller in-band, via sccli.

It is now possible to telnet or tip into the controller and provide a new password. Do not use sccli in-band at the same time as using the out-of-band tip or telnet, as it can cause unexpected behavior.

This command to reset the array controller password will work the same on single-controller and dual-RAID controller arrays.

Method #2: Reset NVRAM

CAUTION: This procedure is disruptive. All data on the array is retained, and LUNs remain intact. However, host access to LUNs is interrupted, and NVRAM content is discarded. Do the following procedure during a maintenance window with all host LUNs un-mounted and not in use.

Ensure you have console access to the array. This can be accomplished with a null-modem cable connected to a Solaris host or a laptop.

The sccli command must be available on the Solaris host from which the password reset will be performed. To download and install the appropriate package which contains the sccli binary, refer to <Document 1004352.1> How to Download and Install Sun Storage Configuration Service Software (SUNWsscs).

After ensuring that all LUNs are unmounted, console access is established, and the sccli command is available on the Solaris host from which the procedure will be carried out, execute the sccli command as root and reset NVRAM:

# /usr/sbin/sccli

sccli: selected device /dev/rdsk/c1t216000C0FF80xxxxd0s2 [SUN StorEdge 3510 SN#00XXX]

sccli> reset nvram

WARNING: The configuration of the array controller will be erased.

Factory default parameters will take effect at next controller reset.

Logical devices may not be accessible until mappings are reconfigured.

Are you sure? Y

When the above completes you should now be able to tip into the array and not be prompted for a password. At this point you can set the password to something you desire.

Verify your controller settings including LUN mappings and SCSI channels, communication parameters such as IP, subnet mask, gateway, and any array global settings such as drive-side parameters or I/O optimization. Once complete, save NVRAM settings to disk.

Do you still have questions? You can use My Oracle Support Communities. Communities put you in touch with industry professionals like yourself. They are monitored by Oracle support engineers, so you can expect reliable and correct answers. Ask questions and see what others are asking about in the Disk Storage 2000, 3000, 6000 RAID Arrays & JBODs Community.

(This document has been updated and reviewed in September 2014,
and the external content above was revised. The internal section
below was not reviewed or revised, but it is retained in case
its information is useful for support engineers.)

Internal Comments
Changing NVRAM using a spare controller

If you do not have a host with a lun mapped to it from the array
with the lost password you will need a spare controller either one
from another SE3xxx who's password is not set or who's password is
known. Additionally you want this extra controller to have
the same firmware or higher as the array with the lost password. If not you will need to upgrade your firmware once you
complete the below steps.

Warning

Do the
following procedure during a maintenance window with all host LUNs
un-mounted and not in use. The spare controller should
contain the same firmware or higher as is currently on the
controllers in the array.

Follow the steps outlined below:

Un-mount all LUNs from the raid insuring none are in use.

Power down the SE3xxx leaving any JBODs powered up and remove
both controllers.

Insert the extra controller and power up the array head.

Insert one of the password protected controllers
into the array. Wait for it to become secondary. This will be
indicated by the wrench/status light going solid green and the
spare controller's light blinking green. On the 3310 both
controllers wrench/status light will be solid green wait till spare
begins blinking this indicates primary controller, which in this
case should be our spare controller.

Remove the spare controller and wait 30 seconds to insure the
secondary is now primary, indicated by a blinking green
wrench/status light.

Insert the other password protected controller wait for the
wrench/status light on it to go solid green.

You should now be able to tip into the array and not be prompted
for a password. At this point you should set a password, if
desired, and change any NVRAM setting that were lost to include
host lun mappings and scsi channel Ids & communication
parameters such as IP, sub-netmask, gateway and any array global
settings to include drive side parameters & I/O
optimization.

Save your NVRAM settings back to disk.

Reset the controller through the main menu system functions. The controllers will reboot and the controller with the
higher serial number should become primary indicated by a blinking
wrench/status light.

If the spare controller that was used had an older or newer
firmware version you will now need to upgrade or downgrade the
firmware back to what it was following the patch readme.

Previously Published As
71590

Attachments

This solution has no attachment