SRX

last person joined: 3 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
Expand all | Collapse all

locked out of srx240

  • 1.  locked out of srx240

    Posted 09-09-2011 14:19

    Hi guys,

    I'm in a pickle here. Trying to install srx240.

     

    I cannot log on to it since I configured clustering without deleting switching first.

     

    I tried the revcovery procedure to reset the root password but it would not let me commit the change saying "cannot configure ge0/0/0 while in clustering mode.

     

    When I reboot the device I get this alarm:

     

     

    ***** FILE SYSTEM MARKED CLEAN *****
    Loading configuration ...
    mgd: error: Cannot open configuration file: /config/juniper.conf
    mgd: warning: activating factory configuration
    Interface control process: [edit interfaces]
    Interface control process:   'ge-0/0/0'
    Interface control process:      HA management port cannot be configured
    mgd: error: configuration check-out failed
    Warning: Commit failed, activating partial configuration.
    Warning: Edit the router configuration to fix these errors.
    Setting initial options:  debugger_on_panic=NO debugger_on_break=NO.
    Starting optional daemons:  usbd.
    Doing initial network setup:

     

     

    Is there any way around this???

     

     

    Thanks,

     

    Paul

     

     



  • 2.  RE: locked out of srx240

    Posted 09-09-2011 14:32

    When you boot into single user mode did you try issuing a "set chassis cluster disable reboot" command from the operational level prompt?



  • 3.  RE: locked out of srx240

    Posted 09-09-2011 15:06

    Hey, thanks for the reply.

     

    Yes I tried that but it would not let me issue the command 😞

     

    Paul



  • 4.  RE: locked out of srx240

    Posted 09-09-2011 15:11

    Ok - here is my "stupid" question of the day. Did you try deleting the ge-0/0/0 config? Or actually just deleting all the config when you were in single user mode? Then just saving the newly updated config with the root password?

     



  • 5.  RE: locked out of srx240

    Posted 09-10-2011 02:24

    Hi again,

    so basically here's what happened:

     

    I logged into SRX240, added a root password and "set chassis cluster cluster-id 1 node 0 reboot"

     

    Then after reboot I tried to delete the ge-0/0/0 config but it wouldn't let me.

     

    I rebooted the srx240 again and ever since my root password doesn't work.

     

    I tried doing the password recovery procedure but I cannot "commit" because it comes back with an error saying "cannot config ge-0/0/0 when in cluster mode"

     

    Is there anything I can do to recover the situation? I'm on site very far from home and under some pressure here.

     

    Thanks,

     

    Paul



  • 6.  RE: locked out of srx240

    Posted 09-10-2011 02:58

    OK so here is what happens when I get into recovery mode:

     

    {hold:node1}
    root>

    {hold:node1}
    root> set chassis cluster disable reboot
    error: the jsrp-service subsystem is not running

    {hold:node1}
    root> configure
    warning: Clustering enabled; using private edit
    error: shared configuration database modified

    Please temporarily use 'configure shared' to commit
    outstanding changes in the shared database, exit,
    and return to configuration mode using 'configure'

    {hold:node1}
    root> configure shared
    Entering configuration mode
    The configuration has been changed but not committed

    {hold:node1}[edit]
    root# set system root-authentication plain-text-password
    New password:
    Retype new password:

    {hold:node1}[edit]
    root# commit and-quit
    [edit interfaces]
      'ge-0/0/0'
         HA management port cannot be configured
    error: configuration check-out failed

    {hold:node1}[edit]
    root#



  • 7.  RE: locked out of srx240

    Posted 09-10-2011 04:25
    If you can't delete the ge-0/0/0 config as suggested, try using the config reset button on the box


  • 8.  RE: locked out of srx240

    Posted 09-10-2011 05:23

    I trief using that button also. No change 😞

     

    Paul



  • 9.  RE: locked out of srx240

    Posted 09-10-2011 05:31
    Time for another stupid suggestion. Nave you tried logging in as root, and leaving the password blank?

    I had an issue the last time indid a firmware upgrade on a cluster from 10.3 to 10.4 where node 1 somehow lost the root password, and would come up in a hold status.

    I ended up having to reinstall the OS from single user mode, and it came up just fine after that.

    I would definitely get ahold of jtac though, they should be able to get you fixed quickly.


  • 10.  RE: locked out of srx240

    Posted 04-19-2012 08:56

    fantastico

    thank you



  • 11.  RE: locked out of srx240

    Posted 03-25-2013 12:36

    I faced the similer issue

     

    After going through loader prompt

    1st  issue watchdog disable

    then boot -s

    2nd once you are at root> you wont be able to go configuration mode to set root authentication

    so issue command requst system zeroize 

    then system will reboot

    then issue set chassis cluster disable reboot

    then again system will reboot

    but this time you can go to configuration mode and change the root authentication 

     

     

    Thanks and regard 

    Vallabh Ratnakar



  • 12.  RE: locked out of srx240

    Posted 03-09-2018 10:41

    Vallabh Ratnakar's solution worked for me on SRX340.

    Thank you,



  • 13.  RE: locked out of srx240

    Posted 11-07-2019 16:26

    This fixed the problem!



  • 14.  RE: locked out of srx240

    Posted 11-03-2021 09:09
    Hi So I imput command  requst system zeroize   and got error  :  

    error: the ipsec-key-management subsystem is not running
    warning: zeroizing re0


    ------------------------------
    PETER MUSUTA
    ------------------------------



  • 15.  RE: locked out of srx240

    Posted 09-15-2015 21:04

    Any body solve this issue? I have the same issue with 2 srx 240 that do not accept any psw since configured in cluster. They  do not accept to be reset. I like to kow how to get the SRX reset. I also try the faillover and load factory command and it's still not possible to get the change commit.


    @paulkil wrote:

    Hi guys,

    I'm in a pickle here. Trying to install srx240.

     

    I cannot log on to it since I configured clustering without deleting switching first.

     

    I tried the revcovery procedure to reset the root password but it would not let me commit the change saying "cannot configure ge0/0/0 while in clustering mode.

     

    When I reboot the device I get this alarm:

     

     

    ***** FILE SYSTEM MARKED CLEAN *****
    Loading configuration ...
    mgd: error: Cannot open configuration file: /config/juniper.conf
    mgd: warning: activating factory configuration
    Interface control process: [edit interfaces]
    Interface control process:   'ge-0/0/0'
    Interface control process:      HA management port cannot be configured
    mgd: error: configuration check-out failed
    Warning: Commit failed, activating partial configuration.
    Warning: Edit the router configuration to fix these errors.
    Setting initial options:  debugger_on_panic=NO debugger_on_break=NO.
    Starting optional daemons:  usbd.
    Doing initial network setup:

     

     

    Is there any way around this???

     

     

    Thanks,

     

    Paul

     

     




     

     

    Loading configuration ...

    mgd: error: Cannot open configuration file: /config/juniper.conf

    mgd: warning: activating factory configuration

    Interface control process: [edit interfaces]

    Interface control process:   'ge-0/0/0'

    Interface control process:      HA management port cannot be configured

    mgd: error: configuration check-out failed

    Warning: Commit failed, activating partial configuration.

    Warning: Edit the router configuration to fix these errors.

    Setting initial options: .

    Starting optional daemons:  usbd.

    Doing initial network setup:

    .

    Initial interface configuration:

    additional daemons: eventd.

    Additional routing options:kern.module_path: /boot//kernel;/boot/modules -> /boot/modules;/modules/ifpfe_drv;/modules;

    kld netpfe drv: ifpfed_dialer.

    Doing additional network setup:.

    Starting final network daemons:.

    setting ldconfig path: /usr/lib /opt/lib

    starting standard daemons: cron.

    Initial rc.mips initialization:.

    Local package initialization:.

    starting local daemons:.

    Creating JAIL MFS partition...

    JAIL MFS partition created

    boot.upgrade.uboot="0xBFC00000"

    boot.upgrade.loader="0xBFE00000"

    Boot media /dev/da0 has dual root support

    ** /dev/da0s2a

    FILE SYSTEM CLEAN; SKIPPING CHECKS

    clean, 245781 free (21 frags, 30720 blocks, 0.0% fragmentation)

    Wed Sep 16 08:17:35 UTC 2015

    Running recovery script ...

    machdep.bootsuccess: 1 -> 1

     

     

    Performing initialization of management services ...

    Performing checkout of management services ...

     

    NOTE: Once in the CLI, you will need to enter configuration mode using

    NOTE: the 'configure' command to make any required changes. For example,

    NOTE: to reset the root password, type:

    NOTE:    configure

    NOTE:    set system root-authentication plain-text-password

    NOTE:    (enter the new password when asked)

    NOTE:    commit

    NOTE:    exit

    NOTE:    exit

    NOTE: When you exit the CLI, you will be asked if you want to reboot

    NOTE: the system

     

    Starting CLI ...

    {hold:node0}

     

    root> set chassis cluster disable

    error: the jsrp-service subsystem is not running

     

    root> configure

    warning: Clustering enabled; using private edit

    error: shared configuration database modified

     

    Please temporarily use 'configure shared' to commit

    outstanding changes in the shared database, exit,

    and return to configuration mode using 'configure'

     

    {hold:node0}

    root> configure shared

    Entering configuration mode

    The configuration has been changed but not committed

     

    root# set system root-authentication plain-text-password

    New password:

    Retype new password:

     

     

    root# commit

    [edit interfaces]

      'ge-0/0/0'

         HA management port cannot be configured

    error: configuration check-out failed

     

    root# show interfaces

    ge-0/0/0 {

        unit 0;

    }

    ge-0/0/1 {

        unit 0 {

            family ethernet-switching {

                vlan {

                    members vlan-trust;

                }

            }

        }

    }

    ge-0/0/2 {

        unit 0 {

            family ethernet-switching {

                vlan {

                    members vlan-trust;

                }

            }

        }

    }

    ge-0/0/3 {

        unit 0 {

            family ethernet-switching {

                vlan {

                    members vlan-trust;

                }

            }