Help
FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
chall_FTNT
Staff
Staff

Created on ‎04-17-2017 02:15 PM Edited on ‎11-25-2021 04:23 AM By Community Manager

Troubleshooting Tip: Restoring FortiManager or FortiAnalyzer configuration when admin password is lost

Description
This article explains what to do when access to the admin password for a FortiManager or FortiAnalyzer unit is lost.

Scope
The maintainer account has been removed for FortiManager or FortiAnalyzer products running:
  -  5.2 for patches 8 or later
  -  5.4 for any patch level

Solution
For newer FortiManager or FortiAnalyzer products, there is no password recovery mechanism (maintainer account) as there is in FortiOS.

There are two approaches for dealing with this scenario. 


Icon-Light-Bulb.png Special precautions must be taken if workflow mode is in use (see below).

 

1. BIOS Configuration Menu (Does NOT require a configuration backup file)
For FortiManager and FortiAnalyzer appliances, formatting flash and reloading the image (from the BIOS configuration menu) will erase the system settings including the administrative accounts. 
 
Icon-Light-Bulb.png System settings include IP and routes. Access to the serial console to reconfigure IP and routing is required to restore remote connectivity.

The factory-default administrative account can then be used. Information about managed devices (e.g. policy packages on FortiManager and logs and reports on FortiAnalyzer) are unaffected by these changes and are still preserved on the disk.
Icon-Light-Bulb.png For FortiManager and FortiAnalyzer VMs, the above step is not an option.

Workflow sessions are lost when using this approach.
The above steps are only for appliances.  For VMWare, it is possible to replace the storage disk and so accomplish the same purpose (see "Related Articles").

 
2. Migrate Command (Requires a configuration backup file)

Starting in 5.4.1, the exec migrate command was introduced that allows a backup of the configuration file to be loaded. 

See related KB Article "Using 'exec migrate' to migrate to a new ForitAnalyzer/FortiManager model".

This approach is the main one for virtual machines (VMs) because approach #1 above only applies to appliances & not VMs.

1. Create a new VM.
 
Icon-Light-Bulb.png Prior to running exec migrate:

If workflow mode was in use on the original unit, workflow mode should be enabled on the new unit PRIOR to running exec migrate.
If this order is followed, workflow sessions are preserved.

Also, if multiple ADOMs were previously in use, enable ADOMs first.

2. Run the exec migrate command.
3. The default admin account and password can still be used (system settings are not restored).

For FortiManager and FortiAnalyzer VMs prior to 5.4.1, contact Fortinet Technical Support for assistance.

 

Related Articles

Technical Note: Using 'exec migrate' to migrate to a new FortiAnalyzer / FortiManager model

Technical Tip: How to recover access to FortiManager or FortiAnalyzer when the admin password is los...

17646
0 Kudos
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.