Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

How to restore the Web Gateway admin password if it is forgotten or lost

  1. Last updated
  2. Save as PDF

If you forgot the password for the admin user of your appliance, you can restore the password to the initial password webgateway and gain access to the GUI again.
To do so, you must have root access to the command line, either through SSH or on a local console

To complete this procedure, you must be familiar with MWG and basic Linux administration. If you are unsure, contact Technical Support to restore the password.

 

  1. Stop the MWG Coordinator and MWG UI:

    /etc/init.d/mwg-coordinator stop
    /etc/init.d/mwg-ui stop
     
  2. Change directory to the MWG storage folder:

    cd /opt/mwg/storage/default
     
  3. Change to the folder containing your current configuration. This configuration is usually the most recent time stamp. Example: cd 2015-10-05_15-42-16-631_+0200


Or, you can use the following command to change directly into the most recent folder. This command might or might not work in your environment:
cd `cat /opt/mwg/storage/active_configuration`
 

  1.  Change to the internal sub folder: 

cd internal/

  1. Edit the administration.xml file. You will see an entry for each user, similar to the following example. Make sure that you pick the admin user. The user name is located within the <login> tags. (If the user name had been changed, that is fine. You can change it back to admin or leave it as is. Make sure that the adminrole is "superadmin" within the <roleID> tags):
  <set>
    <admin id="com.mcafee.k.admins.initial">
      <login>admin</login>
      <name></name>
      <passwordHash>SHA-256:1000:6uBaImP3XhOsIX     ...............................     Xjfp5XtP/1os=</passwordHash>
      <roleID>com.mcafee.k.adminrole.superadmin</roleID>
    </admin>
  </set>

The password is stored as a hashed value in the <passwordHash> key (bold type in the example).
  1. Modify the passwordHash line so that it looks exactly like the following:

<passwordHash>SHA-256:1000:MUVpa4aENB3zEaOHKU8xoQ==:f0eS7dCjDCaO1dm43qIj5/Uveg6cVB3BTDSnZiTqVGwyqF1FK3TZsDrXsXkwxqJpZnvzWlu2rOzLfKizTZM0GZIECDNTZdr3oI+8biag/SV0wUhkPgzWgAvdMzXHW1m9tn/TkMdsN5k1EeS0JU+rdF13ZFBLURoQKb3rLGKUie/cDNOng1ZO/pSVQYZn2U8yJa1Xob0MT/Tu62b0aavIaLqtL9fXmkW624oOotdVZD8eVqGrEfmGPFJLm7p9YE1gWxqabDJgJMAuSI1603THvg0+KL7o46WORhBgyDnpcpM3oXbVGIOCFP8x0xj+fPtYinEUTjrGGW7Ow6RPNtB0t5KqwMD2df1+Xm+eIAH4PYKKpFnljl/6z4ChTCvIFV3/rnrVhZZ94GGx5DRQWtVT+PkoNKZDOTWTh0oWI+0BhmbkAqooWgF7yR7LVRo1Nj07ZKMCw9mO55abP/Bm4FFAzFbtB0x/S9VaMxiXvMTRhwhSTjxHm1wJHFxcfJzB2VPOqhp+ywB8/vVmrncAZRXc9hmOR6ptSu9VZm8x8oiL9cwZ2+TSyZTi9h6VCH9DfmjvHAJUEccTMA2pNLhFywlyVGDs8wC+lTCSCMYE9olA0ASdtTT9Mm0BxDcL8LhZUy6dDJl9t2urngK7RPrHTqlLeg5YOSYFcpv+yKBRPoxutTI=</passwordHash>

The complete entry for the admin user should then look similar to this:

  <set>
     <admin id="com.mcafee.k.admins.initial">
      <login>admin</login>
      <name></name>
      <passwordHash>SHA-256:1000:MUVpa4aENB3zEaOHKU8xoQ==:f0eS7dCjDCaO1dm43qIj5/Uveg6cVB3BTDSnZiTqVGwyqF1FK3TZsDrXsXkwxqJpZnvzWlu2rOzLfKizTZM0GZIECDNTZdr3oI+8biag/SV0wUhkPgzWgAvdMzXHW1m9tn/TkMdsN5k1EeS0JU+rdF13ZFBLURoQKb3rLGKUie/cDNOng1ZO/pSVQYZn2U8yJa1Xob0MT/Tu62b0aavIaLqtL9fXmkW624oOotdVZD8eVqGrEfmGPFJLm7p9YE1gWxqabDJgJMAuSI1603THvg0+KL7o46WORhBgyDnpcpM3oXbVGIOCFP8x0xj+fPtYinEUTjrGGW7Ow6RPNtB0t5KqwMD2df1+Xm+eIAH4PYKKpFnljl/6z4ChTCvIFV3/rnrVhZZ94GGx5DRQWtVT+PkoNKZDOTWTh0oWI+0BhmbkAqooWgF7yR7LVRo1Nj07ZKMCw9mO55abP/Bm4FFAzFbtB0x/S9VaMxiXvMTRhwhSTjxHm1wJHFxcfJzB2VPOqhp+ywB8/vVmrncAZRXc9hmOR6ptSu9VZm8x8oiL9cwZ2+TSyZTi9h6VCH9DfmjvHAJUEccTMA2pNLhFywlyVGDs8wC+lTCSCMYE9olA0ASdtTT9Mm0BxDcL8LhZUy6dDJl9t2urngK7RPrHTqlLeg5YOSYFcpv+yKBRPoxutTI=</passwordHash>
      <roleID>com.mcafee.k.adminrole.superadmin</roleID>
    </admin>
  </set>
  1. Save the changes to the file administration.xml.
  2. Because all storage folders are protected by a hash to prevent unwanted changes, recalculate the hash for your folder. Enforce the hash as the most recent configuration using the proper time stamp:
    /opt/mwg/bin/mwg-coordinator -F "file:in=/opt/mwg/storage/default/2015-10-05_15-42-16-631_+0200"

You need to adjust the folder to the most recent configuration you have changed in the preceding steps. Alternatively, the following should automatically detect the most recent folder. This step might or might not work in your environment:
/opt/mwg/bin/mwg-coordinator -F "file:in=`cat /opt/mwg/storage/active_configuration`"

 

  1. Check the mwg-coordinator output. It should print a line like:

    OK - enforced as folder '/opt/mwg/storage/default/2015-10-05_16-14-36-975_+0200'.

  1. Adjust the permissions for the Coordinator, using the proper timestamp:

      chown -R mwgc.mwg /opt/mwg/storage/default/2015-10-05_16-14-36-975_+0200*

The following command should automatically detect the correct folder and adjust the permissions. This command might or might not work in your environment):
chown -R mwgc.mwg `cat /opt/mwg/storage/active_configuration`*

  1. Start the MWG Coordinator and MWG UI:

    /etc/init.d/mwg-coordinator start
    /etc/init.d/mwg-ui start

You can now access the UI again and log on with admin and the initial password of webgateway.

Change the password for the admin user and remember or document the password accordingly.

Related Information

To contact Technical Support, go to the Create a Service Request page and log on to the ServicePortal.

  • If you are a registered user, type your User ID and Password, and then click Log In.
  • If you are not a registered user, click Register and complete the fields to have your password and instructions emailed to you.
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.