mdeparisse_FTNT
Article Id 198322

Description


This article describes how to recover access to FortiManager/FortiAnalyzer VM when the admin password is lost and no configuration backup is available.


Scope


FortiAnalyzer and FortiManager.

Solution

 

This article is for VMs without snapshots. If the VM uses snapshots, this procedure may risk data loss and corruption of service.


Any action taken upon the information in this article is strictly at personal risk.

 

VM-based FortiManager and FortiAnalyzer.

  1. Download the OVF file for the current firmware version (a more detailed description appears later in this article). Make sure to select the firmware version that is currently running on the machine, to avoid any issue caused by a downgrade or an unwanted upgrade.
  2. Extract the fmg.vmdk file from a new .vmware.zip archive. Rename it fmg2.vmdk and add it to the directory where the existing FMGVM is stored.
  3. Create a new SCSI disk (0:2 since 0:1 is used by DATADRIVE) and map it to this new fmg2.vmdk file.
  4. Delete the original SCSI 0:0 disk.
  5. Remap the new SCSI 0:2 disk to 0:0.
  6. This replaces the original disk. The unit can then be powered on. Reconfigure the System Settings (as described at the bottom of the KB article) and reapply the VM license.

VMware vSphere Hypervisor (ESX/ESXi) and VMware vSphere Client.

  1. Download the OVF file for the current firmware version (a more detailed description appears later in this KB). Make sure to select the firmware version that is currently running on the machine, to avoid any issue caused by a downgrade or an unwanted upgrade.
  2. Extract the fmg.vmdk file from a new .vmware.zip archive and rename it fmg2.vmdk.
  3. Upload fmg2.vmdk to the host datastore where the original file (fmg.vmdk) is stored.
  4. Log in via SSH to the ESXi host.
  5. Convert the fmg2.vmdk file, choosing a different name for the converted file ('fmg2-convert.vmdk' in the example below).

 

[jdvorak@chyost:~] vmkfstools -i /vmfs/volumes/data2/FortiManager-VM/fmg2.vmdk /vmfs/volumes/data2/FortiManager-VM/fmg2-convert.vmdk
Destination disk format: VMFS zeroedthick
Cloning disk '/vmfs/volumes/data2/FortiManager-VM/fmg2.vmdk'...
Clone: 100% done

 

Rename the converted file 'fmg2-convert.vmdk' to the name of the original fmg disk, 'fmg.vmdk', as follows:

 

[jdvorak@chyost:/vmfs/volumes/547d0cf2-3d7fec60-aee2-00215a0dc088/FortiManager-VM] mv fmg2-convert.vmdk fmg.vmdk

 

This replaces the original disk. The unit can then be powered on. Reconfigure the System Settings (as described at the end of the article) and reapply the VM license.

After rebooting the VM, in some cases, the customer will get the error 'There is no Operating System'.

 

If the issue occurs, redeploy the new instance and follow the same settings as the original instance. 

 

The hard disk that stores the log data needs to be copied from the original instance to the new instance.

 

Do not delete the original instance even after the new instance has been added.

Note:

If using the migrate option, consider the following points before running exec migrate:

If workflow mode was in use on the original unit, workflow mode should be enabled on the new unit PRIOR to running exec migrate.
If this order is followed, workflow sessions are preserved.

Also, if multiple ADOMs were previously in use, enable ADOMs first.

 

Related articles:

Troubleshooting Tip: Restoring FortiManager or FortiAnalyzer configuration when admin password is lo...

Technical Note: FortiManager Tips and Best Practices Guide

Technical Tip: How to recover access to FortiManager or FortiAnalyzer when the admin password is los...

Technical Tip: How to change Admin default User