SRX Services Gateway
Reply
Contributor
paulkil
Posts: 127
Registered: ‎11-05-2010
0

locked out of srx240

Hi guys,

I'm in a pickle here. Trying to install srx240.

 

I cannot log on to it since I configured clustering without deleting switching first.

 

I tried the revcovery procedure to reset the root password but it would not let me commit the change saying "cannot configure ge0/0/0 while in clustering mode.

 

When I reboot the device I get this alarm:

 

 

***** FILE SYSTEM MARKED CLEAN *****
Loading configuration ...
mgd: error: Cannot open configuration file: /config/juniper.conf
mgd: warning: activating factory configuration
Interface control process: [edit interfaces]
Interface control process:   'ge-0/0/0'
Interface control process:      HA management port cannot be configured
mgd: error: configuration check-out failed
Warning: Commit failed, activating partial configuration.
Warning: Edit the router configuration to fix these errors.
Setting initial options:  debugger_on_panic=NO debugger_on_break=NO.
Starting optional daemons:  usbd.
Doing initial network setup:

 

 

Is there any way around this???

 

 

Thanks,

 

Paul

 

 

Distinguished Expert
muttbarker
Posts: 2,376
Registered: ‎01-29-2008
0

Re: locked out of srx240

When you boot into single user mode did you try issuing a "set chassis cluster disable reboot" command from the operational level prompt?

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Contributor
paulkil
Posts: 127
Registered: ‎11-05-2010
0

Re: locked out of srx240

Hey, thanks for the reply.

 

Yes I tried that but it would not let me issue the command :-(

 

Paul

Distinguished Expert
muttbarker
Posts: 2,376
Registered: ‎01-29-2008
0

Re: locked out of srx240

Ok - here is my "stupid" question of the day. Did you try deleting the ge-0/0/0 config? Or actually just deleting all the config when you were in single user mode? Then just saving the newly updated config with the root password?

 

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Contributor
paulkil
Posts: 127
Registered: ‎11-05-2010
0

Re: locked out of srx240

Hi again,

so basically here's what happened:

 

I logged into SRX240, added a root password and "set chassis cluster cluster-id 1 node 0 reboot"

 

Then after reboot I tried to delete the ge-0/0/0 config but it wouldn't let me.

 

I rebooted the srx240 again and ever since my root password doesn't work.

 

I tried doing the password recovery procedure but I cannot "commit" because it comes back with an error saying "cannot config ge-0/0/0 when in cluster mode"

 

Is there anything I can do to recover the situation? I'm on site very far from home and under some pressure here.

 

Thanks,

 

Paul

Contributor
paulkil
Posts: 127
Registered: ‎11-05-2010
0

Re: locked out of srx240

OK so here is what happens when I get into recovery mode:

 

{hold:node1}
root>

{hold:node1}
root> set chassis cluster disable reboot
error: the jsrp-service subsystem is not running

{hold:node1}
root> configure
warning: Clustering enabled; using private edit
error: shared configuration database modified

Please temporarily use 'configure shared' to commit
outstanding changes in the shared database, exit,
and return to configuration mode using 'configure'

{hold:node1}
root> configure shared
Entering configuration mode
The configuration has been changed but not committed

{hold:node1}[edit]
root# set system root-authentication plain-text-password
New password:
Retype new password:

{hold:node1}[edit]
root# commit and-quit
[edit interfaces]
  'ge-0/0/0'
     HA management port cannot be configured
error: configuration check-out failed

{hold:node1}[edit]
root# 

Distinguished Expert
dfex
Posts: 758
Registered: ‎04-17-2008
0

Re: locked out of srx240

If you can't delete the ge-0/0/0 config as suggested, try using the config reset button on the box
Ben Dale
JNCIP-ENT, JNCIS-SP, JNCIE-SEC #63
Juniper Ambassador
Follow me @labelswitcher
Contributor
paulkil
Posts: 127
Registered: ‎11-05-2010
0

Re: locked out of srx240

I trief using that button also. No change :-(

 

Paul

Trusted Contributor
dscott
Posts: 122
Registered: ‎03-17-2011
0

Re: locked out of srx240

Time for another stupid suggestion. Nave you tried logging in as root, and leaving the password blank?

I had an issue the last time indid a firmware upgrade on a cluster from 10.3 to 10.4 where node 1 somehow lost the root password, and would come up in a hold status.

I ended up having to reinstall the OS from single user mode, and it came up just fine after that.

I would definitely get ahold of jtac though, they should be able to get you fixed quickly.
Dustin

VCP-4/5, JNCIS-SEC, JNCIP-ENT
Visitor
mbini
Posts: 4
Registered: ‎02-04-2010
0

Re: locked out of srx240

fantastico

thank you

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.