Troubleshooting Users

This chapter contains the following sections:

Resetting Local Admin Password

This section describes how to reset the local admin password for your Multi-Site Orchestrator cluster. Note that this procedure applies to MSO OVA deployments in VMware ESX only and not Application Services Engine or Nexus Dashboard deployments.

Procedure

Step 1

SSH in to any one of the cluster nodes as the root user.

Step 2

Delete the admin credentials.

Use the following script to delete the admin credentials: 

# cd /opt/cisco/msc/builds/<build_version>/bin
# ./msc_delete_admin.sh
Step 3

Restart the msc_userservice service. 

# docker service update --force --detach=false msc_userservice

This will reset the admin user's password to the default password. Note that the default password depends on the specific version of the Multi-Site Orchestrator you are running, consult the Cisco Multi-Site Installation and Upgrade Guide for your version.

Troubleshooting Cisco ACI Multi-Site External User Authentication

Use the following tips to troubleshoot external user authentication problems.

Procedure

Step 1

To investigate the error Authentication method failed, verify the following:

  • The key given in the Provider configuration is correct

  • The Multi-Site (client) IP address is registered in the remote Cisco ACS server
Step 2

To investigate the error Invalid user credentials, verify the following:

  • The username entered on the Multi-Site login screen is correct and matches one that is configured on the Cisco ACS server

  • The password entered on the Multi-Site login screen is correct and matches one that is configured on the Cisco ACS server
Step 3

If the user sees a Loading icon, followed by the errors Loading ... and Authentication method failed, verify the following:

  • The IP address in the Provider configuration is correct

  • The IP addresses for the Provider and Cisco ACS are reachable

  • The port and protocol in the Provider configuration is correct

  • The correct authentication method (TACACS+ or RADIUS) is selected on the remote ACS server under ...Network Devices and AAA Clients > Authentication Options

  • The correct shared secret is provided in the remote ACS server user configuration, and it is not empty
Step 4

If the user is able to login, but is not able to see anything or is not able to see any tabs on the Multi-Site GUI, verify that the Cisco AV Pair and the roles are configured correctly for that user, on the remote ACS server.