Perhaps you picked up an APC Metered Rack PDU used, and want to use the built-in management features but can’t because you’re locked out.
This often happens not only with the sale of used equipment, but also when there isn’t good documentation, or a company acquires a competitor and has to absorb all their power management IT infrastructure. These are plausible scenarios, but what happens more often than not is someone simply forgets the password they configured (good for you not keeping the defaults!), or in my case they simply botched the configuration.
Here’s the stupid thing that I did to lock myself out.
Rather than use the local user database within the management on this APC / Schneider Electric AP7863 (successor model is AP8863) I figured it would be a great idea to use the RADIUS servers we have on premise to control access to the APC PDU’s throughout our environment. I set everything up, it worked fine. However, while poking around in one PDU several weeks later, I made a mistake and transposed digits of the IP of the RADIUS server and committed the changes without testing. Turns out that the IP is another host on the network which is pinging, so the PDU thinks this is a RADIUS server that is online. The PDU is set to Authentication Method: RADIUS, then Local Authentication which means it will never failover to local credentials because it thinks the RADIUS server is reachable.
I’ve got an idea, let’s console in.
This is usually how you would need to get into a device if your usual web-GUI or SSH access is cut off. Grab your handy (or not so handy, I ordered one on Amazon a while back) 940-0144 RJ-12 serial console cable and fire up Putty / Hyperterminal set to 9600 bps, 8 data bits, no parity, 1 stop bit, and no flow control. However, there’s a problem in that the console access is not working because of the same authentication issue, and the default password of apc/apc is a no-go either.
Not very exciting to look at when it doesn’t accept your credentials. Good news is that we can do a password reset which will retain the management interface’s network settings (IP address, etc), allow us to get in and reset the password or correct whatever authentication configuration error we made, and keep everything else. It’s also worth mentioning that this process only resets the management interface, not the actual power outlets. I was able to do this during production hours. If in doubt, be sure to verify this is the case with your model PDU – I won’t be held responsible if you reboot your server cabinet in the middle of the day!
Password Recovery Procedure
1) Get a paperclip and unfold it.
2) Press and hold “reset” button with paperclip.
3) “Status” LED will almost immediately start blinking rapid green / amber.
4) “Link” Light will come on solid amber after about 3 seconds.
5) Release the “reset” button as soon as you see the “Link” light go solid.
6) Wait 2-3 seconds.
7) Press reset and hold AGAIN, but only until you see both “Status” and “Link” LED lights turn off.
8) Hit Enter on console session until you get “User Name” prompt.
9) Enter username: apc
10) Enter password: apc
We’re back in business and able to login via console.
If it resets properly, then you should be able to login using the default username and password combination of apc/apc. You need to have the console cable already connected and ready to go because I believe there is only a 30 second window in which you can connect in again with the default credentials.
At this point you are logged in and can navigate through menus to make the necesary changes to restore access.
For example:
I needed to go to 3 (System), 2 (Identification), 5 (RADIUS) to fix my erroneous configuration
To reset a local user account it is under 3 (System), 1 (User Manager), 1 (Administrator)
Don’t forget to “Accept Changes” on any options you update before logging out.
Leave A Comment