SRX Services Gateway
Showing results for 
Search instead for 
Do you mean 
Reply
Contributor
Posts: 127
Registered: ‎11-05-2010
0 Kudos

locked out of srx240

Hi guys,

I'm in a pickle here. Trying to install srx240.

 

I cannot log on to it since I configured clustering without deleting switching first.

 

I tried the revcovery procedure to reset the root password but it would not let me commit the change saying "cannot configure ge0/0/0 while in clustering mode.

 

When I reboot the device I get this alarm:

 

 

***** FILE SYSTEM MARKED CLEAN *****
Loading configuration ...
mgd: error: Cannot open configuration file: /config/juniper.conf
mgd: warning: activating factory configuration
Interface control process: [edit interfaces]
Interface control process:   'ge-0/0/0'
Interface control process:      HA management port cannot be configured
mgd: error: configuration check-out failed
Warning: Commit failed, activating partial configuration.
Warning: Edit the router configuration to fix these errors.
Setting initial options:  debugger_on_panic=NO debugger_on_break=NO.
Starting optional daemons:  usbd.
Doing initial network setup:

Is there any way around this???

 

 

Thanks,

 

Paul

 

 

Distinguished Expert
Posts: 2,408
Registered: ‎01-29-2008
0 Kudos

Re: locked out of srx240

When you boot into single user mode did you try issuing a "set chassis cluster disable reboot" command from the operational level prompt?

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Contributor
Posts: 127
Registered: ‎11-05-2010
0 Kudos

Re: locked out of srx240

Hey, thanks for the reply.

 

Yes I tried that but it would not let me issue the command :-(

 

Paul

Highlighted
Distinguished Expert
Posts: 2,408
Registered: ‎01-29-2008
0 Kudos

Re: locked out of srx240

Ok - here is my "stupid" question of the day. Did you try deleting the ge-0/0/0 config? Or actually just deleting all the config when you were in single user mode? Then just saving the newly updated config with the root password?

 

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Contributor
Posts: 127
Registered: ‎11-05-2010
0 Kudos

Re: locked out of srx240

Hi again,

so basically here's what happened:

 

I logged into SRX240, added a root password and "set chassis cluster cluster-id 1 node 0 reboot"

 

Then after reboot I tried to delete the ge-0/0/0 config but it wouldn't let me.

 

I rebooted the srx240 again and ever since my root password doesn't work.

 

I tried doing the password recovery procedure but I cannot "commit" because it comes back with an error saying "cannot config ge-0/0/0 when in cluster mode"

 

Is there anything I can do to recover the situation? I'm on site very far from home and under some pressure here.

 

Thanks,

 

Paul

Contributor
Posts: 127
Registered: ‎11-05-2010
0 Kudos

Re: locked out of srx240

OK so here is what happens when I get into recovery mode:

 

{hold:node1}
root>

{hold:node1}
root> set chassis cluster disable reboot
error: the jsrp-service subsystem is not running

{hold:node1}
root> configure
warning: Clustering enabled; using private edit
error: shared configuration database modified

Please temporarily use 'configure shared' to commit
outstanding changes in the shared database, exit,
and return to configuration mode using 'configure'

{hold:node1}
root> configure shared
Entering configuration mode
The configuration has been changed but not committed

{hold:node1}[edit]
root# set system root-authentication plain-text-password
New password:
Retype new password:

{hold:node1}[edit]
root# commit and-quit
[edit interfaces]
  'ge-0/0/0'
     HA management port cannot be configured
error: configuration check-out failed

{hold:node1}[edit]
root#

Distinguished Expert
Posts: 830
Registered: ‎04-17-2008
0 Kudos

Re: locked out of srx240

If you can't delete the ge-0/0/0 config as suggested, try using the config reset button on the box
Ben Dale
JNCIP-ENT, JNCIP-SP, JNCIP-DC, JNCIE-SEC #63
Juniper Ambassador
Follow me @labelswitcher
Contributor
Posts: 127
Registered: ‎11-05-2010
0 Kudos

Re: locked out of srx240

I trief using that button also. No change :-(

 

Paul

Trusted Contributor
Posts: 127
Registered: ‎03-17-2011
0 Kudos

Re: locked out of srx240

Time for another stupid suggestion. Nave you tried logging in as root, and leaving the password blank?

I had an issue the last time indid a firmware upgrade on a cluster from 10.3 to 10.4 where node 1 somehow lost the root password, and would come up in a hold status.

I ended up having to reinstall the OS from single user mode, and it came up just fine after that.

I would definitely get ahold of jtac though, they should be able to get you fixed quickly.
Dustin

VCP-4/5, JNCIS-SEC, JNCIP-ENT
Visitor
Posts: 4
Registered: ‎02-04-2010
0 Kudos

Re: locked out of srx240

fantastico

thank you

New User
Posts: 1
Registered: ‎04-05-2012

Re: locked out of srx240

I faced the similer issue

 

After going through loader prompt

1st  issue watchdog disable

then boot -s

2nd once you are at root> you wont be able to go configuration mode to set root authentication

so issue command requst system zeroize 

then system will reboot

then issue set chassis cluster disable reboot

then again system will reboot

but this time you can go to configuration mode and change the root authentication 

 

 

Thanks and regard 

Vallabh Ratnakar

New User
Posts: 1
Registered: ‎09-15-2015
0 Kudos

Re: locked out of srx240

Any body solve this issue? I have the same issue with 2 srx 240 that do not accept any psw since configured in cluster. They  do not accept to be reset. I like to kow how to get the SRX reset. I also try the faillover and load factory command and it's still not possible to get the change commit.


paulkil wrote:

Hi guys,

I'm in a pickle here. Trying to install srx240.

 

I cannot log on to it since I configured clustering without deleting switching first.

 

I tried the revcovery procedure to reset the root password but it would not let me commit the change saying "cannot configure ge0/0/0 while in clustering mode.

 

When I reboot the device I get this alarm:

 

 

***** FILE SYSTEM MARKED CLEAN *****
Loading configuration ...
mgd: error: Cannot open configuration file: /config/juniper.conf
mgd: warning: activating factory configuration
Interface control process: [edit interfaces]
Interface control process:   'ge-0/0/0'
Interface control process:      HA management port cannot be configured
mgd: error: configuration check-out failed
Warning: Commit failed, activating partial configuration.
Warning: Edit the router configuration to fix these errors.
Setting initial options:  debugger_on_panic=NO debugger_on_break=NO.
Starting optional daemons:  usbd.
Doing initial network setup:

 

 

Is there any way around this???

 

 

Thanks,

 

Paul

 

 




 

 

Loading configuration ...

mgd: error: Cannot open configuration file: /config/juniper.conf

mgd: warning: activating factory configuration

Interface control process: [edit interfaces]

Interface control process:   'ge-0/0/0'

Interface control process:      HA management port cannot be configured

mgd: error: configuration check-out failed

Warning: Commit failed, activating partial configuration.

Warning: Edit the router configuration to fix these errors.

Setting initial options: .

Starting optional daemons:  usbd.

Doing initial network setup:

.

Initial interface configuration:

additional daemons: eventd.

Additional routing options:kern.module_path: /boot//kernel;/boot/modules -> /boot/modules;/modules/ifpfe_drv;/modules;

kld netpfe drv: ifpfed_dialer.

Doing additional network setup:.

Starting final network daemons:.

setting ldconfig path: /usr/lib /opt/lib

starting standard daemons: cron.

Initial rc.mips initialization:.

Local package initialization:.

starting local daemons:.

Creating JAIL MFS partition...

JAIL MFS partition created

boot.upgrade.uboot="0xBFC00000"

boot.upgrade.loader="0xBFE00000"

Boot media /dev/da0 has dual root support

** /dev/da0s2a

FILE SYSTEM CLEAN; SKIPPING CHECKS

clean, 245781 free (21 frags, 30720 blocks, 0.0% fragmentation)

Wed Sep 16 08:17:35 UTC 2015

Running recovery script ...

machdep.bootsuccess: 1 -> 1

 

 

Performing initialization of management services ...

Performing checkout of management services ...

 

NOTE: Once in the CLI, you will need to enter configuration mode using

NOTE: the 'configure' command to make any required changes. For example,

NOTE: to reset the root password, type:

NOTE:    configure

NOTE:    set system root-authentication plain-text-password

NOTE:    (enter the new password when asked)

NOTE:    commit

NOTE:    exit

NOTE:    exit

NOTE: When you exit the CLI, you will be asked if you want to reboot

NOTE: the system

 

Starting CLI ...

{hold:node0}

 

root> set chassis cluster disable

error: the jsrp-service subsystem is not running

 

root> configure

warning: Clustering enabled; using private edit

error: shared configuration database modified

 

Please temporarily use 'configure shared' to commit

outstanding changes in the shared database, exit,

and return to configuration mode using 'configure'

 

{hold:node0}

root> configure shared

Entering configuration mode

The configuration has been changed but not committed

 

root# set system root-authentication plain-text-password

New password:

Retype new password:

 

 

root# commit

[edit interfaces]

  'ge-0/0/0'

     HA management port cannot be configured

error: configuration check-out failed

 

root# show interfaces

ge-0/0/0 {

    unit 0;

}

ge-0/0/1 {

    unit 0 {

        family ethernet-switching {

            vlan {

                members vlan-trust;

            }

        }

    }

}

ge-0/0/2 {

    unit 0 {

        family ethernet-switching {

            vlan {

                members vlan-trust;

            }

        }

    }

}

ge-0/0/3 {

    unit 0 {

        family ethernet-switching {

            vlan {

                members vlan-trust;

            }

        }