How to reset admin password
Note: This functionality is only available on versions 5.3.6, 5.4.4, and 6.0.0 or newer.
Periodically a situation arises when FortiADC needs to be accessed or the admin account’s password needs to be changed but no one with the existing password is available. If physical access to the device is possible, this feature enables the admin password to be reset.
A new maintainer user account is made available after a cold boot for 60 seconds after the system clock starts to tick. This account only has access to reset admin accounts’ password and a few other commands to execute as detailed below. A maintainer user login is limited to console access and cannot log in via any other method.
Once logged into FortiADC as a maintainer user, FortiADC can be reset to factory default settings. This can be useful if the admin administrator account was deleted.
Maintainer user access is enabled by default.
- Console cable
- Terminal software (e.g. Putty.exe for Windows, Terminal for MacOS)
- Serial number of the FortiADC unit
To enable/disable maintainer user account access:
config system global
set admin-maintainer enable/disable
- Maintainer user account is only available after a cold reboot.
- Maintainer user account is not available after a warm reboot or upgrade.
- Maintainer user account is only available for 60s after the device powers up. In some cases, this may translate to less than 15s after the login prompt is displayed.
- Maintainer user has console access only.
- Maintainer user can only be used to reset admin password.
- For some VM platforms, cold reboot is labeled “Reset”.
- For hardware systems, physical access is required. To cold reboot in cases when power switch is not available, unplug power cable and plug back in after 10s.
- For security purposes, using the maintainer account and resetting a password will cause a log to be created, making these actions traceable.
- Connect to the ADC console port or access the VM console.
- Cold reboot the ADC as described above.
- Wait for ADC login prompt to appear.
- Type in username: maintainer
- The password is bcpb<serial number> (e.g. bcpbFAD2HF3A17000103)
- Now logged in as maintainer, type the following commands to change the admin password.
- In a FortiADC unit where VDOMs are not enabled:
- in a FortiADC unit where VDOMs are enabled:
# config system admin
# config global
config system admin
- If the admin account was deleted, execute factory reset to recover.
- If the admin account was not deleted, then reboot.
- New admin password should now be in effect.
FortiADC-200F ( 0:56-09.26.2017)
Total RAM: 8192MB
Boot up, boot device capacity: 1968MB.
Press any key to display configuration menu...
Reading boot image 6393140 bytes.
System is started.
# execute factoryreset
# execute reboot