FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
heng
Staff
Article Id 273589
Description

 

This article describes how to reset the OS root password for the host in FortiAnalyzer BigData when the root password is lost or cannot be recalled. The reset OS password feature is available in version 7.2.5 GA and above. Note that the terms host and blade are used interchangeably in this article, as they refer to the same component.

 

Scope

 

FortiAnalyzer BigData 4500F, FortiAnalyzer-BD-VM version 7.2.5 GA and above. 

 

Solution

 

The general steps to reset the OS password apply when the following conditions are met:

 

  1. The FortiAnalyzer GUI is accessible.
  2. The active controller can be identified via the Cluster Manager after logging in to the FortiAnalyzer GUI.
  3. The Chassis Management Module (CMM) is accessible (for hardware-based deployments).
  4. The Fortinet Product Credentials card is available if the default credential has not been changed (for hardware-based deployments).

 

General Steps:

 

  1. Log in to the FortiAnalyzer GUI and disable the standby controller failover: navigate to Cluster Manager -> Services -> Core -> Controller Failover -> Stop.
  2. To identify the active controller, navigate to Cluster Manager -> Hosts. The host displayed with the active-controller icon is the current active controller. See the KB article: Technical Tip: How to verify the current active controller in FortiAnalyzer BigData.
  3. This step applies only to hardware-based deployments with CMM access. For VM-based deployments, start from the section below that begins with the FAZBD Boot Menu, right after power-resetting the BD instance in the hypervisor. For hardware-based deployments, open another browser tab, log in to the Chassis Management Module (CMM) GUI, and navigate to Blade Status. In the BMC IPV4 column, select the BMC IPV4 link that corresponds to the blade to access the BMC remote console. The GUI prompts for a login; the default username/password are on the Fortinet Product Credentials card. After logging in, navigate to Remote Control and select Console Redirection or iKVM/HTML5. Log in to the blade with the default username/password root/fortinet@123 if it has not been changed; otherwise, log in with the correct credential.

 

image.png

 

A sample of the Fortinet Product Credentials card is shown below. It comes with the hardware package:

 

image.png

 

In this example, the host identified as the active controller is blade-2, with the hostname blade-198-18-1-2.

In the CMM screenshot above, click the BMC IPV4 (10.1.30.231), which is indicated as Blade A2, to access the BMC remote console.

The host remote console will be visible as follows:

 

image.png

 

Go back to step (2) above and reboot the active controller via the Cluster Manager GUI: navigate to Cluster Manager -> Hosts -> host name blade-198-18-1-2 (Blade A2 in this example) -> Restart.

 

Observe the BMC remote console for Blade A2 as it restarts and boots into the FAZBD Boot Menu. In that boot menu, quickly use the Up key to move to the bootloader option and press Enter. VM-based deployments show essentially the same view after the BD instance is power reset.

 

image.png

 

In the bootloader menu, type 11 to reset the root password for the host. The password is reset to the default credential: root/fortinet@123

 

image.png

 

Read the printed instructions and type y to proceed with the password reset.

 image.png

 

The previous action returns to the bootloader menu. Type 0 to reboot the host.

 

image.png

 

Do not interrupt the host bootup; let the host boot into the default fazbd option under the FAZBD Boot Menu.

 

image.png

 

  4. After the bootup, log in to the host again (the active controller that was restarted) with the default credential: root/fortinet@123

 

image.png 

  5. At this point, use the CLI command fazbdctl set password to reset the password for all the hosts. The root OS password is then set to the desired password.

 

image.png
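
Because the bootloader reset leaves the host on the documented default credential until fazbdctl set password has been run, it is useful to confirm afterwards that the root entry no longer matches that default. The following is an added example, not part of the original article or of Fortinet's tooling: a shell function that tests a shadow entry against the default password from this article. It assumes the host keeps the root hash in /etc/shadow in a crypt format that the openssl CLI can reproduce; check_shadow_line, check_local_root and sample_line are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not Fortinet code): does a shadow(5) entry still carry the default password?
# Assumptions: root's hash is stored in /etc/shadow as MD5/SHA-256/SHA-512 crypt,
# and the openssl CLI (1.1.1 or later) is installed on the host.

DEFAULT_PW='fortinet@123'   # default root password stated in the article

# check_shadow_line LINE [PASSWORD]
# Prints one of: default | changed | locked | empty | unknown
check_shadow_line() {
    pw=${2:-$DEFAULT_PW}
    hash=$(printf '%s\n' "$1" | cut -d: -f2)
    case $hash in
        '')         echo empty;  return 0 ;;   # no password set at all
        '!'*|'*'*)  echo locked; return 0 ;;   # password login disabled
    esac
    # Split "$id$salt$digest" into its parts.
    rest=${hash#\$}
    IFS='$' read -r id salt digest <<EOF
$rest
EOF
    case $id in
        1|5|6) ;;                              # schemes openssl passwd can compute
        *) echo unknown; return 0 ;;           # e.g. yescrypt: cannot be verified here
    esac
    case $salt in
        rounds=*) echo unknown; return 0 ;;    # custom round counts are not handled
    esac
    # Re-hash the candidate password with the stored salt and compare.
    candidate=$(openssl passwd "-$id" -salt "$salt" "$pw" 2>/dev/null) \
        || { echo unknown; return 0; }
    if [ "$candidate" = "$hash" ]; then echo default; else echo changed; fi
}

# sample_line PASSWORD: build a constructed shadow entry for offline testing.
sample_line() {
    printf 'root:%s:19700:0:99999:7:::\n' \
        "$(openssl passwd -6 -salt ConstructedSalt "$1")"
}

# check_local_root: apply the check to this host's own root entry (run as root).
check_local_root() {
    check_shadow_line "$(grep '^root:' /etc/shadow)"
}

if [ "${1:-}" = "--local" ]; then check_local_root; fi
```

Run with --local as root on each host after the final step; any result other than changed warrants a closer look, and unknown means the hash format could not be checked by this script.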
